-
Type:
Task
-
Status: Open (View Workflow)
-
Priority:
Normal
-
Resolution: Unresolved
-
Component/s: None
-
Labels:None
As it stands, the pfs user at Subaru is not authenticated though LDAP, but though /etc/
{passwd,group}. The ids do match (2085:2085).
The reasoning is that we need some "emergency" login which depends as little as possible on network infrastructure. From that account, one can sudo.
I, personally, do not like this. I believe we should allow remote root ssh logins (key only), and have the pfs user be like all others. If there is a problem bad enough that LDAP is not available, you want to do any work as root in any case. Requiring sudo with a password decreases security.
Discuss. Decide.