Frank Cox wrote:
> On Mon, 28 Jan 2008 22:36:03 -0500
> Jim Perrin <jperrin@xxxxxxxxx> wrote:
>
>> And above all, because I know many admins slack on this, and I'm
>> guilty of it as well if it's not forced... ROTATE your passwords
>> periodically
>
> I have never understood this. If I have a good, strong password that nobody
> knows, how is changing it to another one an improvement over what I already
> have?

I agree with you.

A company I worked for required rotation of passwords and strong
passwords. We fired one of the sysadmins because he had a problem coming
in to work late.

Take a wild guess at what we found taped to the bottom of his keyboard.

Requiring password rotation increases the occurrences of that issue.

Rotating passwords IMHO should only be done when there is a possibility
that the shadow file has been compromised or an employee with root
access is dismissed on bad terms.

A better thing to do is disable remote root login, be extremely careful
with sudo (it should not be allowed to spawn a shell for any user), and
log to a log server rather than local filesystem.
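
An audit of the three settings recommended in the message above, as an added example that is not part of the original thread. The function names and the sample file contents are constructed for illustration; the checks read the `PermitRootLogin` keyword, sudoers command lists, and syslog `@host` forwarding lines.

```shell
#!/bin/sh
# Added example (not from the thread). All sample files below are constructed.

# sshd uses the first value it reads for a keyword; a missing line means the
# compiled-in default applies, which this check treats as "not disabled".
root_login_disabled() {
    val=$(awk '{ gsub(/=/, " ") }
               tolower($1) == "permitrootlogin" { print tolower($2); exit }' "$1")
    [ "$val" = "no" ]
}

# Print sudoers rules whose command list is ALL or names a shell or su.
# Commands that can start a shell themselves are not detected.
sudo_shell_rules() {
    awk '/^[ \t]*(#|Defaults)/ || !/=/ { next }
         { cmds = $0; sub(/^[^=]*=/, "", cmds)
           if (cmds ~ /(^|[ \t,:)])(ALL|[^ \t,]*\/(ba|da|z|k|c|tc)?sh|[^ \t,]*\/su)([ \t,]|$)/)
               print }' "$1"
}

# True if an uncommented line forwards to a remote host: "@host" (UDP),
# "@@host" (TCP), or rsyslog's omfwd module.
remote_logging_enabled() {
    grep -Eq '^[^#]*([[:space:]]@@?[[:alnum:]]|omfwd)' "$1"
}

# Constructed sample configuration, written to a temporary directory.
d=$(mktemp -d)
trap 'rm -rf "$d"' EXIT
printf '%s\n' '#PermitRootLogin yes' 'PermitRootLogin no' > "$d/sshd_config"
printf '%s\n' 'alice ALL=(ALL) ALL' \
    'bob ALL=(ALL) /sbin/service httpd restart' \
    'carol ALL=(root) NOPASSWD: /bin/bash' > "$d/sudoers"
printf '%s\n' '*.info;mail.none /var/log/messages' \
    '#*.* @@loghost.example.com:514' > "$d/syslog.conf"

root_login_disabled "$d/sshd_config" && echo "root login: disabled"
sudo_shell_rules "$d/sudoers" | sed 's/^/sudo rule grants a shell: /'
remote_logging_enabled "$d/syslog.conf" || echo "logging: local only"
```

On a real host, point the functions at `/etc/ssh/sshd_config`, `/etc/sudoers` and the syslog configuration; `Match` blocks, included files and sudoers aliases are outside what these checks cover.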