On 11/07/2010 06:28 AM, Sumit Bose wrote:
> I like the idea of an 'emergency' VPN connection, because as Simo
> mentioned it has a much broader use case than just the setting of the
> initial password. But for this I'm thinking of a perhaps simpler
> solution than a desktop/gdm integration. What about a special run-level
> start script which is only executed when a certain command line option
> is set during the system startup (the user does not have to set this
> manually but just needs to choose something like 'Helpdesk assisted
> startup' instead of 'Normal startup' at the grub boot screen). This start
> script then asks the user to call helpdesk and helpdesk can give a
> one-time username/password to the user which is used by the script to
> set up a VPN connection. Then the system continues to boot.

This approach would still likely require plymouth integration at the least, since a user would need to be able to specify this at boot time before the transition over to the real X-server.

I'm also wary of ever allowing an unauthenticated user access to a VPN shared secret, but if it was contacting a special VPN concentrator created for this purpose that only allowed authentication with one-time-passwords and only provided access to the LDAP server and authentication server, then I suppose I can live with that. But that's putting an awful lot of additional responsibility on the IT staff to make sure that connection is secure. As well as additional hardware.

--
Stephen Gallagher
RHCE 804006346421761