Comment 6 for bug 1919563
Revision history for this message
| Robie Basak (racb) wrote Re: [Bug 1919563] Re: updated sssd with smart cards now brick systems without full cert chain | #6 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
0e1f616
(Get the code!)
Karl, thank you for the detailed writeup? This looks very useful. I'll
leave Marco to respond as he drove the change in question, but a couple
of less technical comments:
On Thu, Mar 18, 2021 at 01:16:28AM -0000, Karl Grindley wrote:
> I don't discourage this change, in fact, will help push along the MFA
> adoption.
[I rearranged ordering of your sentences a bit for context]
> I'd also suggest that MFA support in general should be considered a core
> requirement for future versions of the LTS, and well tested, supported
> and documented. Adoption will only grow with time, and become more
> critical. This will help reduce the variations of implementations, and
> help drive folks to a known and supported configuration.
Thank you for the support! I believe this was exactly Marco's intention.
> However, I think perhaps some preflight checks in the package could
> solve someone bricking their machine. (or a large quantity of machines).
It sounds to me that there's some scope for improvement then, if that
can be figured out between you and Marco, and that a revert isn't
required.
So to ensure there's no misunderstanding about expectations about this
bug, the way I see it now is that we're going to keep what we have.
Marco will (presumably) consider your suggestion and that might lead to
a further upload to add some further sanity checks depending on how the
details pan out. We can use this bug to track and communicate about
that.
Does that work for everyone?