On Wed, Feb 04, 2015 at 03:06:27PM -0500, John Stoffel wrote:
>
> Guys,
>
> I'm working in a mixed team of Sysadmins who are merging a bunch of
> subsidiaries into one central IT organization. I'm looking
> proactively for a better way to manage credentials and such and ran
> across this article. What do people think?
>
> http://www.linuxjournal.com/content/sharing-admin-privileges-many-hosts-securely
>
> I think it makes some really good points, but might possibly be too
> much hassle for people, and doesn't talk about how it integrates into
> other devices, but it's a first step in a lot of good ways to me.
>
> What would you do? And ideally you won't spend money, or much money
> at all.

I'm screaming in fright from the first paragraph. They have a complex security scenario, and instead of re-engineering it to meet their requirements, they are plastering a new layer of spackle on top and hoping it holds together.

People with root access who are not trustworthy are a big problem. People who have access to machines that they should *not* have access to, are a problem.

It may be helpful to remember that sudo can read privileges from LDAP? And ssh, of course. Or /etc/sudoers and /etc/sshd_config can be handled by your config management tool of choice.

-dsr-

_______________________________________________
Tech mailing list
Tech@lists.lopsa.org
https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech
This list provided by the League of Professional System Administrators
http://lopsa.org/