Linux Archive

Linux Archive (http://www.linux-archive.org/)
-   CentOS (http://www.linux-archive.org/centos/)
-   -   directory services and root/sudo access (http://www.linux-archive.org/centos/458975-directory-services-root-sudo-access.html)

Iain Morris 11-29-2010 03:13 PM
directory services and root/sudo access
 
This is perhaps a more general security question. *For those of you with a directory services installation, do you install a generic local user with sudo access in case directory services is not available? *Or do you just beef up your directory services to the point that you are confident it will almost always be up?

I usually disable root login via ssh, but allow it from the physical console, and make an emergency generic account with sudo privs in case DS breaks down. *What I've noticed, however, is if I simulate a directory services failure, ssh logins with this generic local account take an eternity as the server still tries to auth that user against ldap/kerberos first. *I'm sure this could be adjusted in pam in some way.

I was just curious how other admins approach this, and what level of trust they place in directory services being available.

--
-- -
Iain Morris
iain.t.morris@gmail.com



_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


All times are GMT. The time now is 01:53 PM.

VBulletin, Copyright ©2000 - 2013, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.