[Freeipa-devel] command-line arguments
Andrew C. Dingman
adingman at redhat.com
Fri Sep 7 16:45:03 UTC 2007
On Fri, 2007-09-07 at 11:57 -0400, Simo Sorce wrote:
> On Fri, 2007-09-07 at 11:42 -0400, Andrew C. Dingman wrote:
> > On Fri, 2007-09-07 at 11:27 -0400, Simo Sorce wrote:
> Not all systems let you login without the root password even in
> single-user mode.
I don't know of a Linux distribution where I can't get around the
password for maintenance, but I'll have to take your word for it on
other systems.
> > > Also it make it impossible for users to join the machine and keep
> > > themselves control on it. In some enterprises that is not wanted but in
> > > many R&D departments that's a necessity.
> >
> > Sudo solves many problems, including this one. In fact, I run a number
> > of my machines with no root password and all administration done through
> > sudo. The FDA auditors loved that.
>
> I love sudo as well, we are plannig to support it asap with the work on
> policies.
In that case, I think the argument for considering root in IPA is much
weaker. Sudo and no root password at all is a better solution. If you
support sudo through IPA, then any admin who wants to can just remove
the root password from the local system. I had assumed that sudo support
would be a v2 goal.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20070907/86a7619f/attachment.sig>
More information about the Freeipa-devel
mailing list