Security Basics mailing list archives
Re: Password Change Management
From: "Michel Pereira" <michel () michel eti br>
Date: Thu, 2 Mar 2006 18:42:18 -0300
And why not an centralized authentication services like Active Directory (Windows) or LDAP (Linux)? It's very easy to remove (block, change password) the user and he can't login anywhere. bye On 3/1/06, Jakub Zvěřina <barbucha () gmail com> wrote:
IMO, the best solution of this is that admin has his own account and he would manage server via sudo. When he's off, just remove him from sudoers. I do not see anything bad about this, do you? Since you can excactly specify what he can do and where, I think, there is no better way to manage this. Other way could be let the admins authenticate themselves by public DSA(or RSA) key. It is also easy to remove him from ~/.ssh/ authorized_keys. Changing of passwords is too expensive to do it always someone is "leaving the ship". -jz
-- Só Jesus salva,o homem faz backups. http://www.michel.eti.br
Current thread:
- Password Change Management Matt Alexander (Mar 01)
- Re: Password Change Management Gaddis, Jeremy L. (Mar 02)
- Re: Password Change Management Jakub Zvěřina (Mar 02)
- Re: Password Change Management Michel Pereira (Mar 03)