On 11/30/2016 02:47 PM, Michael Ströder
Mario Rossi wrote:
I understand your pain, I have the same issue. We have a local emargency user
in /etc/passwd and initially when we deployed servers everything was good.
And then people started to use emergency user on a daily basis
1. Make sure there's an organizational process to provide the credentials needed
for the emergency users and revoke the credentials afterwards.
Emergency users should be used when LDAP fails and there is no
other way to get access to the box via ssh. I can recall an
incident a few years ago where an admin deleted the
bigip_monitoring user thinking that the account is not used. You
would think that people would be able to tell what the user is
being used for :) In this case the LB took down the ldap farm and
emergency user was a savior until the user had been restored.
instead of their ldap accounts to bypass any ldap restrictions or
misconfiguration of the servers.
2. Make sure everything else works as expected for your users in daily life.
sssd-users mailing list -- firstname.lastname@example.org
To unsubscribe send an email to email@example.com