[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: shared root account

On Mon, 09 Jul 2001, Jason Healy wrote:

> About the best you can hope for is to log to another machine (so
> sudoers can't hose your logfiles), and be vigilant about checking what
> they do.
> 
> Anyway, to your point about passwords, I say again (do we detect a
> theme?): use PAM and make them use a different password for sudo.  If
> you want to get real draconian, you can make them use OTP (one-time


These both seem like excellent practices, for the clueless in all of us -
can someone describe how this is done for sudo? How do you configure PAM to
require alternative passwords, which expire and age, and are decent
passwords? And how does one reliably log sudo logs offsite?

Micah
Reply to: