|
|
|
|
|
|
by nickodell
4735 days ago
|
|
|
Note that the host never asks the general if anyone was fired. Perhaps someone was fired, and it didn't come up. After all, if somebody asks why this couldn't happen again, you don't say, "We fired the guy who designed this system." You say, "We changed this, this, and this." He talks about implementing a two-man rule, which is an excellent idea. I'm not sure how that's going to work in practice, though. Is there a way to make the linux root password composed of two passwords? |
|
|
This could certainly be done via a custom PAM module. Of course, we should also consider that admins will often have physical access to the systems. I can't think up a purely technical solution to enforce the 2 man rule.