directory services and root/sudo access

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

This is perhaps a more general security question.  For those of you with a directory services installation, do you install a generic local user with sudo access in case directory services is not available?  Or do you just beef up your directory services to the point that you are confident it will almost always be up?

I usually disable root login via ssh, but allow it from the physical console, and make an emergency generic account with sudo privs in case DS breaks down.  What I've noticed, however, is if I simulate a directory services failure, ssh logins with this generic local account take an eternity as the server still tries to auth that user against ldap/kerberos first.  I'm sure this could be adjusted in pam in some way.

I was just curious how other admins approach this, and what level of trust they place in directory services being available.

--
-- -
Iain Morris
iain.t.morris@xxxxxxxxx
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux