 | | | Network wide root passwords | Network wide root passwords 2004-04-01 - By Ryan Finnie
Back
On Thu, 1 Apr 2004, Cannon, Andrew wrote:
> Is there any way we can have a single system admin password over the entire
> network for our IT department to use?
While it is technically possible to manage the root user via nis or ldap,
I would recommend against it.
What I would recommend instead is managing the staff and groups via ldap
or nis, and using sudo. For my setup, the root accounts on the servers
are disabled. Instead, I have an LDAP server with staff in it and several
posix groups. In particular, "sudogods " contains the people who would
normally have root. Then you just put this in the sudoers file on each
machines:
%sudogods ALL=(ALL) ALL
This has an added benefit that you can add or remove people from the list
of people who have the privledge to be superuser on the servers relatively
easily.
RF
--
Taroon-list mailing list
Taroon-list@(protected)
http://www.redhat.com/mailman/listinfo/taroon-list
|
|
|