On Sun, 20 Dec 2015 10:12:17 -0500
Gene Heskett <gheskett@...> wrote:

> To that end, if the package 
> asks for a pw, and gets the 1st users pw as a response, it should be 
> happy and run. There is little or no difference between root and 1st 
> user as 1st user is generally the one who originally setup the system 
> and should know it well.

Don't assume that all systems are single-user desktops.  Your 
suggested setup isn't sufficient, for instance, to handle a multi-user 
system that's just gotten a new administrator, as might happen in
a corporate environment.  Once the old admin's account is scrubbed, 
the original "first user" isn't there anymore, so where should the rights 
end up?  The next user added probably wasn't the new admin, and
the new admin shouldn't have to use someone else's login name.

TDE shouldn't allow behaviour that sudo doesn't (assuming that
sudo is even present on the system--it's quite possible to use su
only and never install sudo!), which seems to be what you're 
advocating here.  It does have to be able to be able to authenticate
via sudo with user passwords if the system accepts that behaviour
in other contexts.

Regardless, I expect Michele et al. will do The Right Thing.

E. Liddell