[ADDENDUM] Preventing application account access

From: Roberts, Blake <broberts_at_ercot.com>
Date: Thu, 15 Aug 2002 13:41:40 -0500

I forgot to mention, I have sudo installed on the system, but I have not found a way for it to prompt me for the password of the administrative account. Since, by default anyway, it prompts for your own password, if the user's password is compromised (by writing it down and leaving it on their desk, etc), there is no way to keep people away from the big accounts.

--Blake


-----Original Message-----
From: Roberts, Blake
Sent: Thursday, August 15, 2002 1:32 PM
To: Tru64-Unix-Managers_at_Ornl. Gov (E-mail)
Subject: Preventing application account access


Folks,

I'm running a Tru64 5.1 PK5 Enhanced Security environment. Per a new (and decent) password policy that is being implemented, I need to restrict the application admin accounts so that they will su from a personal account to the administrative account (such as oracle), similar to what you need to do if root is locked down properly.

My problem is, in base security, if I lock the account, you can log in as a user, then su to it just fine. In enhanced security, you can't do that. It needs to be unlocked to be able to log into it. Does anyone know of a trick, edauth flag, etc, that needs to be set for the account to be able to be su'd to, but not directly logged in to?

Best regards,

--Blake Roberts
UNIX Systems Administrator
ERCOT-Austin
512.225.7178
512.695.5071 (cell)
Received on Thu Aug 15 2002 - 18:41:57 NZST

This archive was generated by hypermail 2.4.0 : Wed Nov 08 2023 - 11:53:43 NZDT