Absolutely this is a security risk! I would never give OPERATOR DEVMAINT ability - OPERATOR should have the ability to do particular things and query particular things -- but not things like see passwords or get the ability to get to anything they want (e.g. DEF MDISK). If I was an auditor - you'd be in big trouble, buddy ;-) And for not having an ESM maintain your passwords in an encrypted and unqueryable fashion -- double trouble..
Scott

On Tue, May 12, 2009 at 2:52 PM, RPN01 <[email protected]> wrote:
> eeded.
>
> The evil question that comes to mind now is, could an auditor cite you
> because the operators effectively have access to all the passwords on the
> system via roughly four commands? Is this considered a security hole
> (though one that proved very useful today...)
> --
> Robert Nix -- Mayo Clinic
> (shortened signature)
