Re: AW: two men rule (sudo/su)

To: Büschel, Uwe <Uwe.Bueschel@inter-forum.de>
Cc: "debian-enterprise@lists.debian.org" <debian-enterprise@lists.debian.org>
Subject: Re: AW: two men rule (sudo/su)
From: "Jorge A. Secreto" <jorgesecreto@gmail.com>
Date: Wed, 10 Jul 2013 15:51:42 -0300
Message-id: <[🔎] CAJx9gihbx8Dx-0_xjNtfyS97Jgc0QXzf4Nz9_Y-0dn1kdpLTEA@mail.gmail.com>
In-reply-to: <[🔎] CE74614350E06E4EB93460BAEB072BFC163FB0312F@nt-mail02.inter-forum.de>
References: <[🔎] CE74614350E06E4EB93460BAEB072BFC163FB0312B@nt-mail02.inter-forum.de> <[🔎] af9a6311b53080c1aeb79b764a7c56d8@127.0.0.1nura.eu> <[🔎] CE74614350E06E4EB93460BAEB072BFC163FB0312C@nt-mail02.inter-forum.de> <[🔎] 1628dc7894feded541deb1d4de62e9f7@127.0.0.1nura.eu> <[🔎] CE74614350E06E4EB93460BAEB072BFC163FB0312F@nt-mail02.inter-forum.de>

2013/7/10 Büschel, Uwe <Uwe.Bueschel@inter-forum.de>:
> I think remote confirmation is not a must.
> Let me explain, a small example:
> you are person A. Your friend is another admin called B. You have another friend in your team called Z. Normal changes at firewall system are made by you and admin B with four-eye principle. You make a change and admin B acknowledge the change.
> Now, admin B is at holiday and a change is made by you and admin Z now does the acknowledge.
> The same is when you (admin A) is at holiday, then admin B and admin Z now make the change at firewall system.

Hi
Just a dirty solution:a compounded password. A knows 1st half password
and B knows the second. Before B goes to holiday, change the password
to one known by A and Z, and so on.
Very bad idea?


>
> Uwe
>
> Von: julien [mailto:julien@nura.eu]
> Gesendet: Mittwoch, 10. Juli 2013 14:08
> An: debian-enterprise@lists.debian.org
> Betreff: Re: AW: two men rule (sudo/su)
>
> Le 2013-07-10 13:58, Büschel a écrit :
>> Four-eye principle is a mechanism that require a second person (auth)
>> to make a change on a system.
>> See here: http://en.wikipedia.org/wiki/Two-man_rule
>
> Two person on the same keyboard ? or remote confirmation ?
>
>
>>
>> @Mark: Thanks for the tip with the Google authenticator but this is
>> only a two factor authentication (password and code), I need to
>> implement a real two-men-rule.
>>
>> Uwe
>>
>> Von: julien [mailto:julien@nura.eu]
>> Gesendet: Mittwoch, 10. Juli 2013 13:03
>> An: debian-enterprise@lists.debian.org
>> Betreff: Re: two men rule (sudo/su)
>>
>> What is a four-eyes principle ?
>>
>> With "screen" you can watch the same session : you see other people
>> moving cursor in text editor for example.
>>
>> Julien
>>
>> Le 2013-07-10 12:30, Büschel a écrit :
>>> Hi!
>>>
>>> Is there any way to implement a "2 men rule" (four-eyes principle) in
>>> debian/linux e.g. for sudo or su?
>>>
>>> Thanks.
>>> Uwe
>
>
> --
> To UNSUBSCRIBE, email to debian-enterprise-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
> Archive: [🔎] 1628dc7894feded541deb1d4de62e9f7@127.0.0.1nura.eu">http://lists.debian.org/[🔎] 1628dc7894feded541deb1d4de62e9f7@127.0.0.1nura.eu
>



-- 
Jorge A Secreto
Analista de Sistemas
MP 361

Reply to:

References:
- two men rule (sudo/su)
  - From: Büschel, Uwe <Uwe.Bueschel@INTER-FORUM.DE>
- Re: two men rule (sudo/su)
  - From: julien <julien@nura.eu>
- AW: two men rule (sudo/su)
  - From: Büschel, Uwe <Uwe.Bueschel@INTER-FORUM.DE>
- Re: AW: two men rule (sudo/su)
  - From: julien <julien@nura.eu>
- AW: AW: two men rule (sudo/su)
  - From: Büschel, Uwe <Uwe.Bueschel@INTER-FORUM.DE>

Prev by Date: AW: AW: two men rule (sudo/su)
Next by Date: Re: AW: AW: two men rule (sudo/su)
Previous by thread: AW: AW: two men rule (sudo/su)
Next by thread: Re: AW: AW: two men rule (sudo/su)
Index(es):
- Date
- Thread