Joakim Tjernlund wrote:
>> Joakim Tjernlund wrote:
>>> How is local root pw any different than domain pw? In your view remote 
>>> root access is a big nono so sssd should also enforce no remote root 
> login in 
>>> that case.
>>
>> Yes, remote root password is a big no-no. Because it would be effective 
>> on all
>> systems at once circumventing most security mechanisms.
> 
> You missed the point. You claim remote root is a nono yet you suggest to 
> login remotely with local root pw. 

You're missing the point. Especially I did *not* suggest to login remotely
with local root pw.

I'd recommend to establish proper operational procedures.
It's your job to develop those for your system environment.


>> I really appreciate sssd denying root completely. Most people concerned 
> about
>> security surely agree.
> 
> But it don't. sssd does not deny remote local root pw logins.

To be more precise what I meant: It does prevent remote root users. And that's
good!

Ciao, Michael.

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

_______________________________________________
sssd-users mailing list
[email protected]
https://lists.fedorahosted.org/mailman/listinfo/sssd-users

Reply via email to