On 1/20/2011 10:11 AM, Rudi Ahlers wrote:
>
> Benjamin, I'm sorry to say this, but you're wrong!
>
> Now, since we're doing the name-calling thing, let's get that out of the way.
>
> Sometimes you need to access a PC of a staff member who is busy with
> something right now. And I'm not talking about administrative access.
> Sure, I can access any PC via root login, and frankly for that matter
> I can also reset any user's password via root login.
>
> The message I'm trying to bring across is that users in the company
> shouldn't have passwords which admin doesn't know, or can't access.
> The PC's and data, well at least in our company, is the property of
> the company. Making it more difficult for an engineer to gain access
> to a user's PC automatically arises suspicion
That actually sounds very strange. Are there any published references
for the concept that individual passwords should be shared instead of an
administrator using his own granted privileges when accessing data owned
by someone else? And if group access is commonly needed, shouldn't the
data be group-accessible, both in protection and location?
Are you working around some software constraint here? I can understand
both sharing of physical workstations (with different logins) and
sharing common data, but don't see why you'd ever want one person to
pretend to be someone else by sharing a login.
--
Les Mikesell
lesmikesell at gmail.com