-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 >>>>> "Jason" == Jason Healy <[EMAIL PROTECTED]> writes:
Jason> Our solution to this (multiple admins on a single box) was to Jason> write the root password (some horribly cryptic thing) down on a Jason> piece of paper and put it in a sealed envelope, which we then Jason> stuck to the machine. The machine was locked in the server room, Jason> so the only people who could get to the root password (and the Jason> console) were the people with keys. If you needed to boot to Jason> single-user, you'd rip open the envelope and use the password. Jason> When you were done, you'd change the password, write it down on a Jason> new piece of paper, and seal in in an evelope. Even better would be to keep the password in a locked box and give the admins keys to the box. And you might want to have the admins sign across the seal of the envelope, so that you'll know if someone broke in, did something nasty, and replaced the password. - -- Hubert Chan <[EMAIL PROTECTED]> - http://www.geocities.com/hubertchan/ PGP/GnuPG key: 1024D/71FDA37F Fingerprint: 6CC5 822D 2E55 494C 81DD 6F2C 6518 54DF 71FD A37F Key available at wwwkeys.pgp.net. Please encrypt *all* e-mail to me. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE7SgO1ZRhU33H9o38RAm/iAJ9VDMkK3F60ETOyfX01va4XeyEjkwCfQDvj DY2SprWlpIhkdnEAVPldm+4= =RZG/ -----END PGP SIGNATURE-----
