On 11/27/19 2:59 AM, Zbigniew Jędrzejewski-Szmek wrote:
On Tue, Nov 26, 2019 at 09:39:59AM -0700, Chris Murphy wrote:
> Mayyyybee systemd-homed is in
> a position to solve this by having early enough authentication
> capability by rescue.target time that any admin user can login?
Actually, it may. Things are confusing here, because systemd-homed is
implemented together with changes to how user metadata querying is done:
instead of using dbus, a brokerless and much simpler varlink query is used.
That last part is what would be relevant to early-boot logins, because
less services need to be up to bring up the user session.
There's one tricky feature of homed : remote login (ssh) is only
possible after an initial local login. It is OK for his intended use (a
personal laptop/tablet client), except for corner cases like a remotely
accessed personal desktop in the basement that might get rebooted e.g.
for updates, resulting in an accidental lockout.