Stuart Jansen wrote:
That's the point. It doubles the number of accounts an attacker has to compromise. It also creates an audit trail so you know which co-worker needs to be "educated" after taking down a productions system. All without making the system noticeably harder to manage.
Having multiple admins on the same system(and using ldap). I've become a big fan of using the Ubuntu method(no root passwod set everyone up in the sudoers file). I'm aware of one big problem with this(lets say the ldap server crashes). Are there others. I've been trying to push for more sudoers usage here, but am wondering what draw backs others have found.
Kyle ps I also recommend looking into pam_access /* PLUG: http://plug.org, #utah on irc.freenode.net Unsubscribe: http://plug.org/mailman/options/plug Don't fear the penguin. */
