> Maintain a single local user account that is assigned > the root role. > Give that user a ridiculously long password, kept in > escrow by your IS > Security department. Now you have a guaranteed path > in via the console > when everything else goes to pot.
Careful: in setups which use a diskless client / AutoClient configs, /export/home, /usr, /var and /opt might all come from different servers. If the system can't bring basic network connectivity up, you're busted. One obvious solution to this might be to create this special account somewhere else. But that's non-standard, and it would require either ad-hoc modification to the system or systems, or an explicit modification to an engineering build, neither of which are optimal solutions. This message posted from opensolaris.org _______________________________________________ opensolaris-discuss mailing list opensolaris-discuss@opensolaris.org
