User:Kevin/Draft Passwordpolicy

From FedoraProject

This is a draft; please don't think of anything on it as being set or usable.

Introduction

Various packages handle passwords and sensitive data in different ways, and they do not handle the different end-user cases particularly well. This is an attempt to gather stakeholders from packages, upstream and working groups, with their different needs, and come up with an overall policy on handling passwords and other access data across the Fedora project.

This is just a draft, please don't treat anything here as official or decided or even correct.

Stakeholders

  • anaconda - sets initial root password, sets some settings around ssh, users.
  • libpwquality - used to judge 'quality' of passwords.
  • ssh maintainers - used to remotely access Fedora machines.
  • gnome-initial-setup - sets up users
  • initial-setup - sets up users in non-workstation installs
  • polkit - policy kit access
  • sudo - switch user
  • systemd - handles logind setup and emergency/single user mode
  • gnome-keyring / gpg - passphrases for keys, etc.
  • accountsservice - User accounts
  • shadow-utils - password and /etc/shadow handling - not really, the shadow-utils utilities are root-only and are not generally used by inexperienced users

Use cases

  • laptop/notebook workstation users
  • desktop workstation users
  • server users
  • cloud instances users
  • qa/test users - may wish to have fewer requirements when testing many times.

Ideas

Make some kind of central policy with defaults and have one place users can change it?

Different policies for different use cases? (can we tell what use case we are in?)

Notes

  • Need to gather list of stakeholders
  • Need to try to find a place to discuss and make some strawman-type proposals.
  • Deadline would be before Fedora 23 alpha so projects have time to adjust policies.