pdevine
commented
7 years ago @allingeek is the thinking here that some applications are using PAM for access control? Do you know any applications we'd want to lift/shift that currently do that?
Open allingeek opened 7 years ago
pdevine
commented
7 years ago @allingeek is the thinking here that some applications are using PAM for access control? Do you know any applications we'd want to lift/shift that currently do that?
allingeek
commented
7 years ago @pdevine I don't want to see people accidentally push key material of any kind into a public repository.
We need to lift and shift user configuration and login data. You're taking a risk any time you're pulling critical files like /etc/shadow into an environment where access controls might be subverted. You're taking a further risk by committing those files into a layered image. You're also making it very difficult to change those passwords after the fact because mutations will revert every time you restart a container from a shifted image.
We have to build this component pair because many systems have been specialized with user configuration. User education is going to be really important for this tooling.