Today, Kevin D. Clark gleaned this insight:
> We were both completely clear as to what was and what was not
> acceptable to do with these passwords. In the end, about the only
> thing we ever did was shut down each other's machines in the event
> that the other person wasn't in when the power was scheduled to go out
> over the weekend.
>
> I'm telling you right now, if you call into question the
> trustworthiness of my friend, I'm going to be insulted.
Kevin, no one is doing that. What we are trying to point out is that the
system administration group, which is usually very small and often too
small, manages the network security of a much larger company, often with
thousands of employees.
Security is THEIR responsibility, and ultimately if someone is going to
get fired, it will probably be one of them, unless they are able to
identify the culprate. If everyone has the root password, that becomes
nearly impossible.
Furthermore, with so many employees, it is almost a certainly that a few
of them have committed dishonest acts in the past, maybe even crimes, and
you, as the system administrator can't know who they are, or that they
won't do it again, TO YOU.
It's all about acceptable risk.
--
PGP/GPG Public key at http://cerberus.ne.mediaone.net/~derek/pubkey.txt
------------------------------------------------------
Derek D. Martin | Unix/Linux Geek
[EMAIL PROTECTED] | [EMAIL PROTECTED]
------------------------------------------------------
**********************************************************
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**********************************************************
