<quote who="Glenn Faden"> > The way this is addressed in Trusted Extensions is that the Fail Safe > login option is modified to present an su command. If you are authorized > to assume the root role, and you enter the root password, you have a > root terminal, even if you're normal login would fail. For example, in > TX, normal user's can start arbitrary processes in the global zone as > themselves, but they can still do a Fail Safe login into the global zone > and su to root.
How does TX (and how would this new method) handle centrally administered accounts when/if the centralized service goes away? If the LDAP/PowerBroker/KEON/whatever process dies, or the network is not accessible, and you have to log in as root to fix things. How do you do that if there are no local accounts? Or, does this mean you always have to have at least one local account, which in a large corporate environment, means you might just as well have a root account? -spp -- Stephen Potter <spp at unixsa.net> Director, LOPSA Executive Board <http://www.lopsa.org> Support Open Solaris <http://opensolaris.org/> "I have come to the conclusion that one useless man is a disgrace, two useless men are a law firm, and three are a congress." - John Adams
