#> I work in an environment with 30+ offsite HACMP clusters, each with its own
#> root password, in addition to the variety of standalone systems and
#> workstations. Sudo is a good way to do my job without having to carry around
#> a two page printout of root passwords.
#>
#> James
#So if someone gets your user's passwd, they can access root on ALL 30
#systems. That seems less secure. One passwd crack gets root to
#30 systems, not just one (or possibly 2-8 if .rhosts still on servers).
That's a tradeoff. Beats them getting root to all those systems by grabbing
a password list (I've seen some of my coworkers with the password list
folded up in their badge holders, others keep it in a notebook on their
desk, etc). In a pinch, I can have my lead admin disable all my logins
with one quick script, if necessary (or I can, if I can get a connection
I trust to our management workstation). Seeing that you're at IBM
Austin, implementing sudo was one of the big security requirements
when the data center I worked at was acquired by Global Services. As
far as I know, my business unit is still using the instructions/explanation
form I wrote for them on how to implement it and such, since I was the first
person in our business unit to get it, compile it, and implement it on any
systems.
James
# - Matt
#--
# AIX and HACMP Certified Specialist
# Comments, views, and opinions are mine alone, not IBM's.