>>> On Wed, Aug 22, 2007 at  6:32 PM, in message
<[EMAIL PROTECTED]>, Rob van der Heij
<[EMAIL PROTECTED]> wrote: 
-snip-
> This is not a matter of getting in the way. What does get in the way
> is a root password that is known by some people and can be used beyond
> their original need to know. 

If you let that happen.  My prior management did not, unless there was a 
contractual requirement, in which case all SLAs were null for those particular 
systems.  In all other cases, sudo was sufficient.  It's mostly a matter of 
knowledgeable management who also have some, umm, guts.  Mine was, and did.

-snip-
> And non-encrypted private keys (null passphrase) are evil. 

Careful.  Gabe didn't say he did that.  He said he had non-null passphrases.

My personal opinion is that any Linux system protected by a z/VM 
userid/password doesn't _need_ to have a login prompt on the virtual console.  
Having bash running is just fine.  Even so, in absolute terms, that _is_ less 
secure than having both.  Just not meaningfully so, IMO.  And just because you 
have a root password doesn't mean you can't use key pairs as well (as you 
yourself said you did).


Mark Post

----------------------------------------------------------------------
For LINUX-390 subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390
