On Mon, 25 Jun 2012, Robert Hajime Lanning wrote:
On 06/25/12 16:59, Michael C Tiernan wrote:
How business continuity is maintained across catastrophic events.
How, when everything else has hit the fan, can "I", a "trusted admin"
working in the data center, get access into our systems where even the
networking is down? There are times that, in preparation for bringing up the
data center from a dead stop, I need to log into some systems and run
fsck's (or other such tasks) before everything else is live.
In those situations, on the console, I just boot with "init=/bin/sh".
It is way easier than dealing with password secrecy procedures.
This includes the fact that the password is still a secret.
"Passwords? We don't need no stinkin' passwords!" :)
There is that, although that doesn't work for all systems (much harder to
do on a Windows system or an appliance).
Also, a sufficiently paranoid environment will have disabled that.
I've also seen some systems where enough system configuration was done in
the initramfs before really booting the system, that bringing up the
system manually was "non trivial". I try very hard to avoid creating such
systems.
But it is an important tool to keep in mind.
David Lang
Can I, after getting the root password of a system in an emergency, flag a
password as "exposed" but not "compromised" requiring the password to be
changed and re-synced at the next possible opportunity when "normal"
operation has been restored?
Is there a way to generate password displays using clear, concise
(unambiguous) language for reading over the phone or other verbal exchange
including, should it be required, printing? (i.e. Password=bwFq display as
"[bravo][whisky][FOXTROT][golf]")
_______________________________________________
Discuss mailing list
https://lists.lopsa.org/cgi-bin/mailman/listinfo/discuss
This list provided by the League of Professional System Administrators
http://lopsa.org/
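One way to produce the bracketed read-out asked about in the last question of the thread, as an added example that is not code from any poster or from the list. It assumes the ICAO spelling alphabet, upper-case words for capital letters, and hypothetical `digit-` and `symbol-` prefixes and symbol names chosen here; it refuses any character it cannot name rather than dropping it silently.

```python
import string

# ICAO spelling alphabet (official spellings "alfa" and "juliett").
ICAO = dict(zip(string.ascii_lowercase, (
    "alfa bravo charlie delta echo foxtrot golf hotel india juliett kilo lima "
    "mike november oscar papa quebec romeo sierra tango uniform victor whiskey "
    "xray yankee zulu").split()))
DIGITS = dict(zip(string.digits,
                  "zero one two three four five six seven eight nine".split()))
# Assumed symbol names; extend to match whatever the password policy allows.
SYMBOLS = {
    "!": "exclamation-mark", "@": "at-sign", "#": "hash", "$": "dollar",
    "%": "percent", "^": "caret", "&": "ampersand", "*": "asterisk",
    "-": "hyphen", "_": "underscore", "+": "plus", "=": "equals",
    ".": "period", ",": "comma", ":": "colon", ";": "semicolon",
    "/": "slash", "\\": "backslash", "?": "question-mark", " ": "space",
}


def spell_char(ch):
    """Return the spoken token for one character, or None if it has no name."""
    if ch in ICAO:                        # lower-case ASCII letter
        return ICAO[ch]
    if ch in string.ascii_uppercase:      # capital letter: word in capitals
        return ICAO[ch.lower()].upper()
    if ch in DIGITS:                      # prefix keeps "one" apart from letters
        return "digit-" + DIGITS[ch]
    if ch in SYMBOLS:
        return "symbol-" + SYMBOLS[ch]
    return None


def spell_password(password):
    """Render a password as [token][token]... for reading aloud or printing."""
    tokens = []
    for pos, ch in enumerate(password, start=1):
        token = spell_char(ch)
        if token is None:
            # Fail closed and report only the position, not the character.
            raise ValueError(f"no spoken form for character at position {pos}")
        tokens.append(f"[{token}]")
    return "".join(tokens)


if __name__ == "__main__":
    # Constructed sample value, not a real credential.
    print(spell_password("tR7-xq"))
```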