On 8/23/07, Mark Post <[EMAIL PROTECTED]> wrote: > > And non-encrypted private keys (null passphrase) are evil. > > Careful. Gabe didn't say he did that. He said he had non-null passphrases.
I know. But I don't want to buy free drinks for the folks that do... > My personal opinion is that any Linux system protected by a z/VM > userid/password doesn't _need_ to have a login prompt on the virtual console. > Having bash running is just fine. Even so, in absolute terms, that _is_ > less secure than having both. Just not meaningfully so, IMO. And just > because you have a root password doesn't mean you can't use key pairs as well > (as you yourself said you did). In my (too long) post I tried to explain why not having a root password is *more* secure. The sulogin just gives the illusion of an extra barrier, but in real life it is not: - once used, the virtual machine is typically #cp disc with root logged on - the root password is the same on many machines to achieve ease of use - if unique, the password is stored somewhere in a place that might be less secure - when used, it's visible in the open on the 3215 and can be seen when typed or logged It's like putting an extra lock on the front door to require that everyone needs 2 keys to get in, but for ease of use make that extra lock match the key of the back door. When you're then less careful with the 2nd key because they still would need both, you forget that it still opens the back door. When someone leaves the operations team and you remove him from the RACF group that has a permit to the logonby profile, he'd still know the root password and use that through su to get in again. IMHO the whole ceremony around root passwords comes from an environment where they don't have a better option. But when folks get more granular access control (through managed IP-connected KVM switches and granular physical access control and auditing) I suspect their requirements will change as well. Local mods remain a pain, whether by hacking or by hacked packages. We've tried both. It would be nice if SuSE would support a configuration parameter that tells all places to skip the sulogin. Rob ---------------------------------------------------------------------- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
