Kelerion wrote:
small world.. you must know my boss.. a) describes him perfectly!! :)

what's even more ironic.. is when I approached him about this.. he said
"but changing the password on a regular basis sounds like a good idea
for security.."

My suggestion to appease your "security minded" boss:


Configure SSH to allow only key-authenticated logins. Once you've done so, the root password is useless for anything except logins at the physical console (at least, that's so unless you've done something else to weaken security) and "su". You can also change "su"'s pam configuration if you don't trust users who have ssh access, and don't want the root password to work with that command either (there's an example in the default file that will restrict access to users in the "wheel" group, like most other Unix systems).

With the root password only useful at the physical console, your weak point becomes the physical access to the box, and you can mostly disregard your root password as a security concern. (Be absolutely certain that all of your pam configurations prevent root logins, except for the "login" program.)



--
redhat-list mailing list
unsubscribe mailto:[EMAIL PROTECTED]
https://www.redhat.com/mailman/listinfo/redhat-list
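
One way to verify the two settings suggested in the message above, as an added example that is not part of the original post: a Python check over the text of `sshd_config` and `/etc/pam.d/su`. The function names and sample files are constructed for illustration, and the defaults assumed for missing keywords are the upstream OpenSSH ones.

```python
import re

# Upstream OpenSSH defaults that apply when a keyword is absent (assumption).
DEFAULTS = {"pubkeyauthentication": "yes", "passwordauthentication": "yes",
            "kbdinteractiveauthentication": "yes"}
# Older spelling of the keyboard-interactive keyword.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}

def sshd_settings(text):
    """Global sshd settings; sshd uses the first value it reads per keyword."""
    seen = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = ALIASES.get(parts[0].lower(), parts[0].lower())
        if key == "match":  # per-user/host Match blocks are not evaluated here
            break
        if key in DEFAULTS and len(parts) == 2:
            seen.setdefault(key, parts[1].strip().strip('"').lower())
    return {**DEFAULTS, **seen}

def ssh_is_key_only(text):
    s = sshd_settings(text)
    # keyboard-interactive can still prompt for a password through PAM
    return (s["pubkeyauthentication"], s["passwordauthentication"],
            s["kbdinteractiveauthentication"]) == ("yes", "no", "no")

def su_limited_to_wheel(text):
    """True if the su PAM file has an active 'auth required pam_wheel.so' line."""
    for raw in text.splitlines():
        f = raw.split("#", 1)[0].split()
        if (len(f) >= 3 and f[0] == "auth" and f[1] in ("required", "requisite")
                and f[2].endswith("pam_wheel.so") and "deny" not in f[3:]):
            return True
    return False

# Constructed sample files, not taken from a real host.
SAMPLE_SSHD = """\
#PasswordAuthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication no
PasswordAuthentication yes
"""
SAMPLE_PAM_SU = """\
auth       sufficient   pam_rootok.so
#auth      sufficient   pam_wheel.so trust use_uid
auth       required     pam_wheel.so use_uid
"""
```

To audit a live host, pass the contents of `/etc/ssh/sshd_config` and `/etc/pam.d/su` to the two functions; settings inside `Match` blocks need a separate review.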
