Michael Ströder <michael(a)stroeder.com> wrote on 2014/09/25 15:25:03:
Joakim Tjernlund wrote:
>> Joakim Tjernlund wrote:
>>> How is local root pw any different than domain pw? In your view
>>> root access is a big nono so sssd should also enforce no
> login in
>>> that case.
>> Yes, remote root password is a big no-no. Because it would be
>> on all
>> systems at once circumventing most security mechanisms.
> You missed the point. You claim remote root is a nono yet you suggest
> login remotely with local root pw.
You're missing the point. Especially I did *not* suggest to login
with local root pw.
I'd recommend to establish proper operational procedures.
It's your job to develop those for your system environment.
Yes, it is "my" job, not sssd's. Currently sssd dictate that no system
should be allowed to login as root, no matter what.