Joakim Tjernlund wrote: >> Joakim Tjernlund wrote: >>> How is local root pw any different than domain pw? In your view remote >>> root access is a big nono so sssd should also enforce no remote root > login in >>> that case. >> >> Yes, remote root password is a big no-no. Because it would be effective >> on all >> systems at once circumventing most security mechanisms. > > You missed the point. You claim remote root is a nono yet you suggest to > login remotely with local root pw.
You're missing the point. Especially I did *not* suggest to login remotely with local root pw. I'd recommend to establish proper operational procedures. It's your job to develop those for your system environment. >> I really appreciate sssd denying root completely. Most people concerned > about >> security surely agree. > > But it don't. sssd does not deny remote local root pw logins. To be more precise what I meant: It does prevent remote root users. And that's good! Ciao, Michael.
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ sssd-users mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/sssd-users
