From Fedora Project Wiki
Line 5: | Line 5: | ||
* Need to avoid having multiple ways to do the same thing | * Need to avoid having multiple ways to do the same thing | ||
* UI vs command line vs config files | * UI vs command line vs config files | ||
* Please only use one menu item, not two | |||
* The basic pattern we had come up with was, "Have two paths, and ask the user a question to figure out which path they should go on and put them | |||
on it." (e.g., local account only, vs centrally-managed account are the two paths.) | |||
* A better path would be, "Put the users on the most common path (local account only) and offerthem the option to also go on the alternative path."(which is how firstboot works today, but the language in the dialog is confusing to users.) The problem is, having three levels of dialogs is unacceptable from a usability standpoint. The challenge: can we come up with a way to have one dialog to configure both SSSD and the legacy way and have it not suck? | |||
= Technology Review = | = Technology Review = |
Revision as of 19:04, 15 February 2010
15 Feb 2010
Feedback
- Need to avoid having nested firstboot screens
- Need to avoid having multiple ways to do the same thing
- UI vs command line vs config files
- Please only use one menu item, not two
- The basic pattern we had come up with was, "Have two paths, and ask the user a question to figure out which path they should go on and put them
on it." (e.g., local account only, vs centrally-managed account are the two paths.)
- A better path would be, "Put the users on the most common path (local account only) and offerthem the option to also go on the alternative path."(which is how firstboot works today, but the language in the dialog is confusing to users.) The problem is, having three levels of dialogs is unacceptable from a usability standpoint. The challenge: can we come up with a way to have one dialog to configure both SSSD and the legacy way and have it not suck?
Technology Review
Identity Technology | Authentication Technology | Recommended Implementation | Misc Notes |
---|---|---|---|
LDAP | Kerberos | SSSD | 17% |
LDAP | LDAP | SSSD | 80% |
NIS | Kerberos | Legacy auth-config | should not call 'secure' because that's used to mean something else wrt NIS ('usually means you've set things up at the server so that clients can only read from certain maps (for example, 'passwd.adjunct', which is similar in purpose and use to /etc/shadow) if they send their request from privileged ports') |
NIS | NIS | Legacy auth-config | far more common than NIS / shadow |
Winbind | Winbind | Legacy auth-config | |
Hesiod | Historically, Kerberos | Cut from UI | iastate / NCSU / MIT potential current users. iastate said it's fine to cut from UI, they don't need UI for it. |
Smart Card (cert-based) | Smart Card (cert-based) | too difficult to manage without UI, can't drop. | will be in SSSD 6-12 months / smartcard/smartcard most common setup |
Smart Card (cert-based) | Kerberos | too difficult to manage without UI, can't drop. | Least common setup, smart card enables you to get a krb ticket |
??? | Fingerprint | Cut from UI |
Anticipated User Complaints
- Have to know how user info maps to password. Legacy UI lets you select all the user info / password methods you want, and tries different combos until it finds something that works. The new way requires you explicitly state the user info + password mapping. (explicit mapping is less prone to accidental configuration thus more secure - less holes that could be broken through)
Suggested Screen Content (Ideal)
Tab 1: Identity & Authentication
- [ ] NIS
- [ ] Secure NIS (uses Kerberos)
- [ ] Winbind (Winbind for both)
[ ] Cache User Info
Tab 2: Advanced Options
NETWORK
- [ ] Homedir creation on login
LOCAL
- [ ] Enable local access control
- [ ] Password hash algorithm [ dropdown goes here | \/]
Review of Current Screens
Tab 1: User Info
- NIS (Should be listed #1)
- Winbind (Should be listed #2)
- Hesiod (Should be listed #3 or pulled. Talk to Nalin)
Tab 2: Password
- Kerberos (should be kept for NIS)
- LDAP (should be pulled)
- Smartcard (consider pulling, talk to Nalin, et. al.)
- Fingerprint (consider pulling)
- locally works by just installing the right package. GNOME About Me dialog handles.
- network - nobody reasonable uses this over the network
- Winbind (should be kept for winbind)
Tab 3: Options
- Cache user info KEEP
- uses nscd. Identity, not auth. Requires less nework trips if enabled - otherwise everytime you type 'ls' or 'ps ax' it uses a network trip to identify the username <=> uid mappings. Can't kill it. Has a higher-performance cache even though it gets staler / harder to flush / caches more stuff than SSSD does.
- Use shadow KILL
- this should be enabled. it removes the ability for non-root users to read your password hash.
- password hash login KEEP
- only useful for local users
- controls creation of new passwords
- folks in particular countries with particular regulations (including france?) government workers care about this
- local authorization sufficient KILL
- enable it by default
- auth sys accounts via network KILL
- disable it
- for example, apache accounts are not normally login enabled accounts anyway. this would let you auth it over the network.
- check access.conf during auth KEEP
- reword 'Enable local access control'
- create homedirs on first login KEEP
- 2 ways to do it, pam-make homedirs vs pam make homedirs dbus
- dbus method uses policykit/root, more capabilitity but currently issues with setting proper SELinux user context