[Linux-cluster] Testing a fence program
John Anderson
johnha at ccbill.com
Tue Aug 22 21:01:05 UTC 2006
It's not really the ssh solution via keys that's the problem, it's
allowing root to login via ssh that the problem. That is strictly
prohibited. Xm destroying a host requires root access. We cannot su
to xm destroy after we login as a non root user for obvious reasons.
Sudo is right out of the question in our environment. I'm not even
going to try to mix up GRSecurity RBAC policies and sudo policies, etc
________________________________
From: linux-cluster-bounces at redhat.com
[mailto:linux-cluster-bounces at redhat.com] On Behalf Of Patton, Matthew
F, CTR, OSD-PA&E
Sent: Tuesday, August 22, 2006 1:52 PM
To: 'linux clustering'
Subject: RE: [Linux-cluster] Testing a fence program
Classification: UNCLASSIFIED
John Anderson wrote:
> Since my security department frowns strongly on authentication by ssh
> key
Can you elaborate on what their problems are? Is the security department
staffed by the clueless?
Because the whole SOAP solution while downright creative, is so
unnecessary.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/linux-cluster/attachments/20060822/97c2bd5f/attachment.htm>
More information about the Linux-cluster
mailing list