Andrew Libby on 22 May 2006 13:39:44 -0000



Re: [PLUG] LDAP Question


While I'd not recommend direct root logins, I think you can ssh to each
machine and use the --stdin parameter to passwd to change the passwords.
Since you're going to touch every machine anyway to change root
passwords, consider brokering root access with sudo. Then nobody will
need to know the root password, no remote root logins, and if someone
must leave the "root fold" you don't need to change a whole bunch of
passwords all over the place. When root privileges are revoked for a
user, you just remove them from the wheel group (or whatever group
implies their advanced access).

IMO it's worth consideration.

Andy



W. Chris Shank wrote:

>I have a centralized LDAP for my network. I'd like to change each machine's local root password so that it is the same as the LDAP root. Right now, users can log in as root with either the LDAP root password OR the local root password. Since everyone knows the local root passwords, there is no control over who can log in as root. Is there a way to force passwd to only change the local passwd?


-- 
Andrew Libby                                  
alibby@philadelphiariders.com
http://philadelphiariders.com/
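
The setup suggested in the reply above (no remote root logins, root access brokered through sudo for the wheel group) can be checked per host. The script below is an added example, not part of the original message: the function names, the file paths passed as arguments and the sample files are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: checks for the sudo-brokered root access described in the reply.
# Config paths are arguments so the checks can run against copies of the files.

# True if the sshd_config at $1 sets "PermitRootLogin no". sshd uses the first
# value it reads, so only the first occurrence counts; unset is treated as a fail.
# Simplification: Match blocks are not interpreted.
root_login_disabled() {
    awk 'tolower($1) == "permitrootlogin" { v = tolower($2); exit }
         END { if (v == "no") exit 0; exit 1 }' "$1"
}

# True if the sudoers file at $1 has an active (uncommented) rule for group $2.
group_has_sudo() {
    grep -Eq "^[[:space:]]*%$2[[:space:]]+[^[:space:]]" "$1"
}

# Prints the members of group $2 from the group(5)-format file at $1.
group_members() {
    awk -F: -v g="$2" '$1 == g { n = split($4, m, ",")
                                 for (i = 1; i <= n; i++) print m[i] }' "$1"
}

# Reports all three properties; returns non-zero if either check fails.
audit_root_access() {  # args: sshd_config sudoers group_file [group]
    grp=${4:-wheel}; rc=0
    root_login_disabled "$1" || { echo "FAIL: remote root login not disabled"; rc=1; }
    group_has_sudo "$2" "$grp" || { echo "FAIL: no sudo rule for %$grp"; rc=1; }
    echo "members of $grp (holders of root access): $(group_members "$3" "$grp" | tr '\n' ' ')"
    return $rc
}

# Constructed sample files (not taken from any real host).
demo=$(mktemp -d) && trap 'rm -rf "$demo"' EXIT
printf '%s\n' '#PermitRootLogin yes' 'PermitRootLogin no' > "$demo/sshd_config"
printf '%s\n' 'root ALL=(ALL) ALL' '%wheel ALL=(ALL) ALL' > "$demo/sudoers"
printf '%s\n' 'root:x:0:' 'wheel:x:10:alice,bob' > "$demo/group"
audit_root_access "$demo/sshd_config" "$demo/sudoers" "$demo/group"
```

The member list is the set of accounts that would have to be removed from the group to revoke root access, which is the revocation path the reply describes.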


___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug