AW: AW: two men rule (sudo/su)
I think remote confirmation is not a must.
Let me explain, a small example:
you are person A. Your friend is another admin called B. You have another friend in your team called Z. Normal changes at firewall system are made by you and admin B with four-eye principle. You make a change and admin B acknowledge the change.
Now, admin B is at holiday and a change is made by you and admin Z now does the acknowledge.
The same is when you (admin A) is at holiday, then admin B and admin Z now make the change at firewall system.
Uwe
Von: julien [mailto:julien@nura.eu]
Gesendet: Mittwoch, 10. Juli 2013 14:08
An: debian-enterprise@lists.debian.org
Betreff: Re: AW: two men rule (sudo/su)
Le 2013-07-10 13:58, Büschel a écrit :
> Four-eye principle is a mechanism that require a second person (auth)
> to make a change on a system.
> See here: http://en.wikipedia.org/wiki/Two-man_rule
Two person on the same keyboard ? or remote confirmation ?
>
> @Mark: Thanks for the tip with the Google authenticator but this is
> only a two factor authentication (password and code), I need to
> implement a real two-men-rule.
>
> Uwe
>
> Von: julien [mailto:julien@nura.eu]
> Gesendet: Mittwoch, 10. Juli 2013 13:03
> An: debian-enterprise@lists.debian.org
> Betreff: Re: two men rule (sudo/su)
>
> What is a four-eyes principle ?
>
> With "screen" you can watch the same session : you see other people
> moving cursor in text editor for example.
>
> Julien
>
> Le 2013-07-10 12:30, Büschel a écrit :
>> Hi!
>>
>> Is there any way to implement a "2 men rule" (four-eyes principle) in
>> debian/linux e.g. for sudo or su?
>>
>> Thanks.
>> Uwe
--
To UNSUBSCRIBE, email to debian-enterprise-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: [🔎] 1628dc7894feded541deb1d4de62e9f7@127.0.0.1nura.eu">http://lists.debian.org/[🔎] 1628dc7894feded541deb1d4de62e9f7@127.0.0.1nura.eu
Reply to: