This is a draft, please don't think of anything on it as being set or usable

Introduction

Various packages handle passwords and sensitive data different ways, they also do not particularly handle different end user cases very well. This is an attempt to gather stakeholders from packages upstream and working groups with their different needs and come up with an overall policy on handling passwords and other access data accross the Fedora project.

This is just a draft, please don't treat anything here as official or decided or even correct.

Stakeholders

• anaconda - sets initial root password, sets some settings around ssh, users.

• libpwquality - used to judge 'quality' of passwords.

• ssh maintainers - used to remotely access Fedora machines.

• gnome-initial-setup - sets up users

• initial-setup - sets up users in non workstation installs

• polkit - policy kit access

• sudo - switch user

• systemd - handles logind setup and emergency/single user mode

• gnome-keyring / gpg - passphrases for keys, etc.

• accountsservice - User accounts

Use cases

• laptop/notebook workstation users

• desktop workstation users

• server users

• cloud instances users

• qa/test users - may wish to have less requirements when testing many times.

Notes

• Need to gather list of stakeholders

• Need to try and find a place to discuss and make some strawman type proposals.

• Deadline would be before Fedora 23 alpha so projects have time to adjust policies.