On Thu, 4 Aug 2005, Ken Foskey wrote: > > 1. Setup kerberos authentication. > > 2. Assign to superuser no. 1 - joeblue/[EMAIL PROTECTED] > > 3. Assign to superuser no. 2 - madamblue/[EMAIL PROTECTED] > > > > jobeblue and madamblue are superusers with different ID but similar > > authorization. > > Not two users. One user with two passwords. > > Told you it was strange :-)
I don't know of any system that'll allow exactly that - not *nix, WindoZe, Novell or anything else. One way around this situation, however, it to have a 2 part password. One group knows the first part. The other group knows the second part. Both parts must be entered before root access is permitted. For example. Group one has password FOO Group two has password BAR Root password set to BARFOO User requiring acces as root logs in/SU's, then member from group 2 enters their half of the password, moves away from keyboard, then member from group 1 approaches keyboard and enters their part of the password. I've used this method with complete succes in the past - you obviously make the password parts difficult enough not to be guessed, and complex enough that watching the keyboard of someone who types fast won't be good enough to guess what it is. DaZZa -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
