We are looking for suggestions on how to make root passwords available
when needed in a situation where sys admin duties are shared among
several individuals.
We make use of sudo all we can, but situations can arise when someone absolutely needs the real root password. What we'd like is something
where the principle admin for a host sets the password, then places it
in an escrow situation where everyone can get it in an emergency, but
it becomes immediately obvious that now a second individual knows it
so that it's time for a change.
We're open to both low-tech and high-tech solutions, ranging from
a lockbox with sealed envelopes in the boss's desk to some fancy
encrypted app that e-mails everyone in the world when it gets invoked.
How have others of you solved this?
--
-----------------------------------------------------------------------
David Lawver - speaking for me, not UW-Madison, DoIT, or anyone else dmlawver@facstaff.wisc.edu dlawver@doit.wisc.edu lawvd@world.std.com
"Those who would do away with essential liberties for the sake of a
little safety deserve neither liberty nor safety." - Benjamin Franklin
Sysop: | Keyop |
---|---|
Location: | Huddersfield, West Yorkshire, UK |
Users: | 296 |
Nodes: | 16 (3 / 13) |
Uptime: | 71:43:07 |
Calls: | 6,657 |
Calls today: | 3 |
Files: | 12,203 |
Messages: | 5,332,233 |
Posted today: | 1 |