On Tue, 2004-10-19 at 11:00 +0100, Ronny Adsetts wrote:
> How about where you have no local users except root - all other users are via
> LDAP or similar - and some catastrophe takes out your user DB? Allowing root
> ssh login will at least get you access to the box.
>
> Allowing root ssh access but setting policy on its use seems a better option
> to me. And running jack the ripper on your password hashes of course.
>
> Ronny

Firstly, your DB would be backed up so you could restore the system. However, ignoring that, let's assume that for some reason we can't restore, which I admit is possible. You can configure your machine to fall back onto local password files in the absence of the LDAP server, so I would keep a local user account on the server for just such emergency scenarios. This is in the situation where I can't get to the box locally; however, I always provision for local access, either in person or via a third party, to any system I maintain, so I have never had to deal with this. Local access is a must in order to retain reliable uptime in my opinion.

Multi-admin to me means multi-access level, fine control and not giving anyone more access than they require.

I can see your point, but the technology provisions for it.

(excellent domain/company name BTW)

Regards,
-- 
Barrie Dempster (zeedo) - Fortiter et Strenue
http://www.bsrf.org.uk
[ gpg --recv-keys --keyserver www.keyserver.net 0x96025FD0 ]
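The fallback Barrie describes, written out as an added example (not code from the thread or its posters): a local rescue account that the name service resolves from /etc/passwd before it ever asks LDAP, alongside an sshd_config that keeps root off ssh and admits only that account. The account name "rescue", the counter-example files and the use of a temp directory instead of /etc are assumptions for the demo. Listing "files" ahead of "ldap" in nsswitch.conf matters during an outage because a lookup that tries the directory first waits for the LDAP timeout before falling through to the local file.

```sh
#!/bin/sh
# Added example, not from the original thread. Account name "rescue" and the
# $WORK paths are assumptions; on a host the files are /etc/nsswitch.conf and
# /etc/ssh/sshd_config.

WORK=$(mktemp -d)

# Constructed nsswitch.conf: "files" before "ldap" so the local rescue account
# resolves immediately instead of waiting on an unreachable directory.
cat > "$WORK/nsswitch.conf" <<'EOF'
passwd:     files ldap
group:      files ldap
shadow:     files ldap
EOF

# Constructed sshd_config: no root over ssh, keys only, rescue account only.
cat > "$WORK/sshd_config" <<'EOF'
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
AllowUsers rescue
EOF

# Constructed counter-examples: root permitted, and LDAP consulted first.
cat > "$WORK/sshd_config.weak" <<'EOF'
PermitRootLogin yes
PasswordAuthentication yes
EOF
cat > "$WORK/nsswitch.conf.weak" <<'EOF'
passwd:     ldap files
EOF

# files_before_ldap FILE DB: succeed if DB's source list names files before ldap.
files_before_ldap() {
    awk -v db="$2" '
        $1 == (db ":") {
            for (i = 2; i <= NF; i++) {
                if ($i == "files") { found = 1; exit }
                if ($i == "ldap")  { found = 0; exit }
            }
        }
        END { exit found ? 0 : 1 }' "$1"
}

# root_ssh_disabled FILE: succeed only if the effective PermitRootLogin is "no".
# sshd honours the first occurrence of a keyword, so only the first line counts;
# a missing keyword is treated as not disabled.
root_ssh_disabled() {
    awk 'tolower($1) == "permitrootlogin" { print tolower($2); exit }' "$1" | grep -qx no
}

# user_allowed FILE USER: succeed if USER is named on an AllowUsers line.
user_allowed() {
    awk -v u="$2" '
        tolower($1) == "allowusers" { for (i = 2; i <= NF; i++) if ($i == u) ok = 1 }
        END { exit ok ? 0 : 1 }' "$1"
}

# audit NSSWITCH SSHD USER: 0 only when all three properties hold.
audit() {
    files_before_ldap "$1" passwd && root_ssh_disabled "$2" && user_allowed "$2" "$3"
}

if audit "$WORK/nsswitch.conf" "$WORK/sshd_config" rescue; then
    echo "hardened config: OK"
fi
if ! audit "$WORK/nsswitch.conf.weak" "$WORK/sshd_config.weak" rescue; then
    echo "weak config: rejected"
fi
```

The rescue account still needs a password or key in the local files, and the hardened sshd_config above only accepts a key, so its authorized_keys has to live on the box itself rather than in the directory; otherwise the fallback fails for the same reason the LDAP users do.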