[CentOS] directory services and root/sudo access
Iain Morris
iain.t.morris at gmail.comMon Nov 29 16:13:01 UTC 2010
- Previous message: [CentOS] Minimising disk I/O
- Next message: [CentOS] directory services and root/sudo access
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
This is perhaps a more general security question. For those of you with a directory services installation, do you install a generic local user with sudo access in case directory services is not available? Or do you just beef up your directory services to the point that you are confident it will almost always be up? I usually disable root login via ssh, but allow it from the physical console, and make an emergency generic account with sudo privs in case DS breaks down. What I've noticed, however, is if I simulate a directory services failure, ssh logins with this generic local account take an eternity as the server still tries to auth that user against ldap/kerberos first. I'm sure this could be adjusted in pam in some way. I was just curious how other admins approach this, and what level of trust they place in directory services being available. -- -- - Iain Morris iain.t.morris at gmail.com -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.centos.org/pipermail/centos/attachments/20101129/44003f46/attachment.html>
- Previous message: [CentOS] Minimising disk I/O
- Next message: [CentOS] directory services and root/sudo access
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the CentOS mailing list