[redhat-lspp] LSPP Development Telecon 04/10/2006 Minutes
Klaus Weidner
klaus at atsec.com
Mon Apr 17 16:20:49 UTC 2006
On Mon, Apr 17, 2006 at 09:08:46AM -0600, Stephen John Smoogen wrote:
> In the case of remote administration where logging in as root may be
> prohibited (and usage of 2 factor authentication is wanted) would the
> process be something like?
>
> login as user
> equivalent of sudo to root [the ever popular sudo /bin/bash]
> newrole to secadm_r with new passwd?
>
> or something like
>
> login as user
> sudo -r secadm_r /bin/bash [with 2 password prompts, one for the
> root user, and the second for the role?]
The evaluated configurations tend to use "su" rather than "sudo", but
other than that it sounds about right. Preferably, there should be just
one password prompt, the root password is a bit anachronistic in such a
system.
-Klaus
More information about the redhat-lspp
mailing list