Home page logo

basics logo Security Basics mailing list archives

Re: Password Change Management
From: "Michel Pereira" <michel () michel eti br>
Date: Thu, 2 Mar 2006 18:42:18 -0300

   And why not an centralized authentication services like Active
Directory (Windows) or LDAP (Linux)?
   It's very easy to remove (block, change password) the user and he
can't login anywhere.


On 3/1/06, Jakub Zvěřina <barbucha () gmail com> wrote:
IMO, the best solution of this is that admin has his own account and
he would manage server via sudo. When he's off, just remove him from
sudoers. I do not see anything bad about this, do you? Since you can
excactly specify what he can do and where, I think, there is no
better way to manage this.

Other way could be let the admins authenticate themselves by public
DSA(or RSA) key. It is also easy to remove him from ~/.ssh/
authorized_keys. Changing of passwords is too expensive to do it
always someone is "leaving the ship".


Só Jesus salva,o homem faz backups.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]