Educause Security Discussion
mailing list archives
Re: SYSADM and Security
From: Russell Fulton <r.fulton () AUCKLAND AC NZ>
Date: Sun, 7 Jan 2007 08:22:59 +1300
Russell Fulton wrote:
We too have separate groups for OS administration PS administration and
DBAs. I believe that all the special PS accounts such as sysadm are set
up so they can not be logged into directly. All admins and DBAs have
individual logins (soon to be controlled via RSA tokens) and users then
'sudo su' to the special accounts.
Replying to myself: As many of you no doubt figured out I misunderstood
the original poster's question and thought they were referring to the
special UNIX accounts that seem to be used on all systems running PS.
We have hopes that PS will support RSA in the future and that that will
give us an audit trail via the logs on the RSA server to show who did what.
So sorry, I don't have any magic bullets or spelled swords for securing
the actual PeopleSoft accounts like SYSADM. Apologies for the confusion.