[TriLUG] Password Security
Andrew C. Oliver
acoliver at buni.org
Mon Jul 23 18:53:22 EDT 2007
Linux authentication can take place with a series of stackable modules
via PAM (http://www.kernel.org/pub/linux/libs/pam/modules.html). There
are all manner of modules that could authenticate against some
Internet-accessible server (be careful to encrypt the stream, avoid DNS, etc.).
You could ask that customers maintain some PAM module that uses your
directory server (LDAP or otherwise) and your admins could just log in
using their normal username. They could also be listed in sudo
(http://en.wikipedia.org/wiki/Sudo) so they could always become root. In
fact, on Ubuntu, an ever-popular Linux distribution, you generally create
a user account and it has sudo access. You generally don't actually
ever type the root password.
-Andy
Ron Joffe wrote:
> On Monday 23 July 2007 14:28, Andrew C. Oliver wrote:
>>> Now what do you do when you have to keep a list of passwords sync'd
>>> between a set of support technicians ?
>> This is a REALLY bad idea procedurally to share a set of passwords
>> between users if that is what you mean.
>
> I have 4 people responsible for after-hours support on a growing number of
> client systems. Could you please post your suggestions as to how they all
> should gain privs on those servers? I have my own ideas, but rather than
> taint your answer, I would like to get a fresh perspective.
>
> Thanks,
>
> Ron
--
Buni Meldware Communication Suite
http://buni.org
Multi-platform and extensible Email,
Calendaring (including freebusy),
Rich Webmail, Web-calendaring, ease
of installation/administration.
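
An added illustration, not part of the message above: a small audit that lists which usernames a sudoers policy allows to become root for all commands, so each support technician shows up under their own account. The sudoers text, usernames and group membership are constructed, and the parser is a simplification that handles only User_Alias, %group and plain user entries.

```python
import re

# Constructed sample policy: hypothetical after-hours support technicians.
SUDOERS = """\
# after-hours support staff (constructed example)
User_Alias SUPPORT = alice, bob, \\
                     carol
SUPPORT ALL=(ALL) ALL
%oncall ALL=(root) ALL
backup  ALL=(root) NOPASSWD: /usr/bin/rsync
"""
GROUPS = {"oncall": ["dave", "alice"]}  # constructed group membership

def logical_lines(text):
    """Join backslash-continued lines, drop comments and blanks."""
    joined = re.sub(r"\\\n\s*", " ", text)
    for line in joined.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            yield line

def full_root_users(sudoers, groups):
    """Return users who may run ALL commands as root via sudo."""
    aliases, users = {}, set()
    for line in logical_lines(sudoers):
        m = re.match(r"User_Alias\s+(\w+)\s*=\s*(.+)", line)
        if m:
            aliases[m.group(1)] = [u.strip() for u in m.group(2).split(",")]
            continue
        m = re.match(r"(\S+)\s+\S+\s*=\s*\(([^)]*)\)\s*(.+)", line)
        if not m:
            continue
        who, runas, cmds = m.groups()
        runas_ok = any(r.strip() in ("ALL", "root") for r in runas.split(","))
        cmds = re.sub(r"^(?:\w+:\s*)+", "", cmds)  # strip tags like NOPASSWD:
        if not (runas_ok and cmds.strip() == "ALL"):
            continue  # restricted rule, not full root
        if who in aliases:
            users.update(aliases[who])
        elif who.startswith("%"):
            users.update(groups.get(who[1:], []))
        else:
            users.add(who)
    return sorted(users)

if __name__ == "__main__":
    print(full_root_users(SUDOERS, GROUPS))
```
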