Michael Ströder michael@stroeder.com wrote on 2014/09/25 15:25:03:
Joakim Tjernlund wrote:
Joakim Tjernlund wrote:
How is local root pw any different than domain pw? In your view
remote
root access is a big nono so sssd should also enforce no remote root
login in
that case.
Yes, remote root password is a big no-no. Because it would be
effective
on all systems at once circumventing most security mechanisms.
You missed the point. You claim remote root is a nono yet you suggest
to
login remotely with local root pw.
You're missing the point. Especially I did *not* suggest to login
remotely
with local root pw.
I'd recommend to establish proper operational procedures. It's your job to develop those for your system environment.
Yes, it is "my" job, not sssd's. Currently sssd dictate that no system ever should be allowed to login as root, no matter what.
Jocke