You're right, I misread. I thought he wanted to run without a user account,
but he only wants his user account to not have a password
If he doesn't allow logins at all on his system, that might not be a security
hole, so that's not so bad as running as root
But it shouldn't be the default, the default should be to force it. At
present, it doesn't force a strong password, you can have the password
"hello", and yast will produce warnings about it but it will let you do it. I
don't think this is a bad thing
Yes, what I want, is that Yast allow me to create a user account, but
a passwordless one (currently impossible) during SUSE install. For
one-user (home) it's a non-problem as I trust people that I live with
(my family).
To balance the security model (i.e improve), I have an excellent idea:
"password-strength meter" for every new password created via Yast.
make some progress bar, that is black for no-password, red if password
is weak, yellow for moderate strength passwords and green for very
strong passwords.
This bar must be shown every time a new user is created (including
during SUSE setup),
or the password is changed via Yast.
-Alexey Eremenko.
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
