[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Question concerning PAM modules and root ...



Hermit Hacker choked and sputtered:
> On Thu, 28 May 1998, Luke Kenneth Casson Leighton wrote:
> > they will get... yes, they will get root access to that machine.
...
> Ack...just as a suggestion, but why not something like for ftpd, where you
> can have an ftpusers file that lists those that *can't* be authenticated
> "offline" can be listed?  something that says no matter what module you
> use, these users *must* be authenticatd against the local password file?

I defer to Luke, who has dealt with the powers of [MS] darkness; but
I've been concerned about similar things.  The folks who install MSW-NT
PCs around here like to leave account/passwords like Sysadmin/Sysadmin
on the PCs, and want those accounts to have authority to hook themselves
up to the Samba "NT Server" [coming soon].  This seems to be in line
with the MS way of doing things.  This will mean, ISTM, that they will
also have limited root access ... with a well-known account name and
password!

With smbpasswd authenticated accounts, rather than passwd authenticated
accounts, couldn't we (a) leave root OUT, and (b) give Sysadmin-like
accounts only sudo-like powers?

Assuming that you have integrated smbpasswd into pamdom.  ;-]

Joe Yao				jsdy@tux.org - Joseph S. D. Yao



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []