Re: shared root account
On Mon, 09 Jul 2001, Jason Healy wrote:
> About the best you can hope for is to log to another machine (so
> sudoers can't hose your logfiles), and be vigilant about checking what
> they do.
>
> Anyway, to your point about passwords, I say again (do we detect a
> theme?): use PAM and make them use a different password for sudo. If
> you want to get real draconian, you can make them use OTP (one-time
These both seem like excellent practices, for the clueless in all of us -
can someone describe how this is done for sudo? How do you configure PAM to
require alternative passwords, which expire and age, and are decent
passwords? And how does one reliably log sudo logs offsite?
Micah
Reply to: