On Tue, 2004-07-20 at 13:56, adam@thebowery.co.uk wrote:
What I don't understand is why (some people will probably be horrified at my suggestion now) is that these desktop newbie centered distros don't generate a secure password (why not perhaps 4 or 5 and let you choose one of them with a single click of the mouse?) when you install and display it on screen and then print a message saying "this is your root password, write it down and keep it in a very safe place. You will need this password to maintain your machine and if you allow anyone else to know this password then they could break into your machine and access your data" (or something similar) and just ask for this password when running package installers and configuration options etc.
This makes sence for a home user distro but maybe they would loose the password, i guess there is no good way around that.
Then at around the same time you can force them to create a normal user account (ok, this is for a bit of desktop software aimed at the desktop, I am not advocating this approach for all distros) and suggest a few secure passwords at them?
The idea of a normal user being auto created by the installer makes sense to me. If the user name was based on some information the user gave at install time(like name) i don't see what security problems this would bring.
Why should a home user need a password to login to there own machine? I understand the need for security on a public use machine that has more then one user account or on a machine that allows remote logins but does a simple home user need multiple accounts or remote logins? I wouldn't think this was good for a normal distribution but for a home use distro it makes sense.
Dennis