Re: shared root account
-----BEGIN PGP SIGNED MESSAGE-----
>>>>> "Jason" == Jason Healy <firstname.lastname@example.org> writes:
Jason> Our solution to this (multiple admins on a single box) was to
Jason> write the root password (some horribly cryptic thing) down on a
Jason> piece of paper and put it in a sealed envelope, which we then
Jason> stuck to the machine. The machine was locked in the server room,
Jason> so the only people who could get to the root password (and the
Jason> console) were the people with keys. If you needed to boot to
Jason> single-user, you'd rip open the envelope and use the password.
Jason> When you were done, you'd change the password, write it down on a
Jason> new piece of paper, and seal in in an evelope.
Even better would be to keep the password in a locked box and give the
admins keys to the box.
And you might want to have the admins sign across the seal of the
envelope, so that you'll know if someone broke in, did something nasty,
and replaced the password.
Hubert Chan <email@example.com> - http://www.geocities.com/hubertchan/
PGP/GnuPG key: 1024D/71FDA37F
Fingerprint: 6CC5 822D 2E55 494C 81DD 6F2C 6518 54DF 71FD A37F
Key available at wwwkeys.pgp.net. Please encrypt *all* e-mail to me.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
-----END PGP SIGNATURE-----