[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: user created at install added in sudoers ?



On Tue, Jun 19, 2007 at 02:23:18PM +0930, n0dalus wrote:

> A better way of giving users this kind of access is to allow the
> password to go from user -> root to be set to a different password
> than their usual login password (which would be essentially the same
> as having a second user). This could be implemented with a pam module,
> so users trying to sudo are not asked for their own password but a
> second password they set (and any dialogue would be clearly labelled
> to make clear which password was being asked for). This could then be
> integrated into consolehelper.

My prefered way to do this is with user/root kerberos principals with
strong complexity requirements for the password and the requirement to
change it every few months. Hardly something to use in a desktop or a
laptop though.

Kostas


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]