Rick Funderburg wrote: > Why not just disable remote root logins? One argument against sudo is > that generally user passwords may be easier to compromise than the root > password.
I forgot to mention that in my original email: Part of the no root password scheme is disabling remote root logins in sshd_config. Essentially the same thing as having no root password I guess except that you can still log on as root on the console if you happen to have the password. The people using sudo access are generally people who would have root access anyway unless you are letting people sudo with only certain commands. If the user passwords can be compromised an attacker can usually exploit a local vulnerability to elevate their privs. One of the things on my list is to run crack on all of our user passwords to make sure they are decent. -- Tracy R Reed http://copilotconsulting.com 1-877-MY-COPILOT -- [email protected] http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
