Educause Security Discussion mailing list archives

Re: SYSADM and Security

From: Russell Fulton <r.fulton () AUCKLAND AC NZ>
Date: Sun, 7 Jan 2007 08:22:59 +1300

Russell Fulton wrote:

We too have separate groups for OS administration PS administration and
DBAs. I believe that all the special PS accounts such as sysadm are set
up so they can not be logged into directly.  All admins and DBAs have
individual logins (soon to be controlled via RSA tokens) and users then
'sudo su' to the special accounts.

Replying to myself:  As many of you no doubt figured out I misunderstood
the original poster's question and thought they were referring to the
special UNIX accounts that seem to be used on all systems running PS.
We have hopes that PS will support RSA in the future and that that will
give us an audit trail via the logs on the RSA server to show who did what.

So sorry, I don't have any magic bullets or spelled swords for securing
the actual PeopleSoft accounts like SYSADM.  Apologies for the confusion.

Russell

Current thread:

SYSADM and Security Mark Staples (Jan 03)
- <Possible follow-ups>
- Re: SYSADM and Security Allan Williams (Jan 03)
- Re: SYSADM and Security Alan Amesbury (Jan 03)
- Re: SYSADM and Security Theresa M Rowe (Jan 03)
- Re: SYSADM and Security Russell Fulton (Jan 03)
- Re: SYSADM and Security Russell Fulton (Jan 06)