Michael Ströder <michael(a)stroeder.com> wrote on 2014/09/25 15:25:03:
Joakim Tjernlund wrote:
>> Joakim Tjernlund wrote:
>>> How is local root pw any different than domain pw? In your view
remote
>>> root access is a big nono so sssd should also enforce no
remote root
> login in
>>> that case.
>>
>> Yes, remote root password is a big no-no. Because it would be
effective
>> on all
>> systems at once circumventing most security mechanisms.
>
> You missed the point. You claim remote root is a nono yet you suggest
to
> login remotely with local root pw.
You're missing the point. Especially I did *not* suggest to login
remotely
with local root pw.
I'd recommend to establish proper operational procedures.
It's your job to develop those for your system environment.
Yes, it is "my" job, not sssd's. Currently sssd dictate that no system
ever
should be allowed to login as root, no matter what.
Jocke