Joakim Tjernlund wrote:
Joakim Tjernlund wrote:
How is local root pw any different than domain pw? In your view remote root access is a big nono so sssd should also enforce no remote root
login in
that case.
Yes, remote root password is a big no-no. Because it would be effective on all systems at once circumventing most security mechanisms.
You missed the point. You claim remote root is a nono yet you suggest to login remotely with local root pw.
You're missing the point. Especially I did *not* suggest to login remotely with local root pw.
I'd recommend to establish proper operational procedures. It's your job to develop those for your system environment.
I really appreciate sssd denying root completely. Most people concerned
about
security surely agree.
But it don't. sssd does not deny remote local root pw logins.
To be more precise what I meant: It does prevent remote root users. And that's good!
Ciao, Michael.