[TriLUG] Password Security

Andrew C. Oliver acoliver at buni.org
Mon Jul 23 18:53:22 EDT 2007


Linux authentication can take place with a series of stackable modules 
via PAM (http://www.kernel.org/pub/linux/libs/pam/modules.html).  There 
are all manner of modules that could authenticate against some internet 
accessible server (be careful to encrypt the stream, avoid DNS, etc). 
You could ask that customers maintain some pam module that uses your 
directory server (LDAP or otherwise) and your admins could just login 
using their normal username.  They could also be listed in Sudo 
http://en.wikipedia.org/wiki/Sudo so they could always become root.  In 
fact on Ubuntu, an ever popular linux distribution, you generally create 
  a user account and it has sudo access.  You generally don't actually 
ever type the root password.

-Andy

Ron Joffe wrote:
> On Monday 23 July 2007 14:28, Andrew C. Oliver wrote:
>>> Now what do you do when you have to keep a list of passwords sync'd
>>> between a set of support technicians ?
>> This is a REALLY bad idea procedurally to share a set of passwords
>> between users if that is what you mean.
> 
> I have 4 people responsible for after hours support on a growing number of 
> client systems. Could you please post your suggestions as to how they all 
> should gain privs on those servers? I have my own ideas, but rather then 
> taint your answer, I would like to get a fresh perspective.
> 
> Thanks,
> 
> Ron
> 
> 
> 
> 
> 


-- 
Buni Meldware Communication Suite
http://buni.org
Multi-platform and extensible Email,
Calendaring (including freebusy),
Rich Webmail, Web-calendaring, ease
of installation/administration.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3629 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://www.trilug.org/pipermail/trilug/attachments/20070723/7014750f/attachment.bin>


More information about the TriLUG mailing list