[SunHELP] root passwd expired
Steve Sandau
ssandau at gwi.net
Wed Nov 30 14:37:03 CST 2005
>> We now have a console server so I can get to the console and aviod
>> stuff like this.
>
>
> Graphical or serial? Can anyone confirm that it will work on the
> latter? I do not believe in heads and keyboards on Suns.
Cyclades serial console server (actually runs embedded Linux) that is
accessible over the network. Yes, you can change root password there; it
is just a serial connection as far as the OS knows.
>
>>> I have to say that I have been quite tempted to make root "*NP*"
>>> on the Solaris 9 boxes and then just install public keys for each
>>> of us that have to admin the boxes, but I know that on some
>>> bloody horror story day I'd regret that choice.
>>
>> I'd rather not have anyone logging in directly as root on the boxes
>> I admin. In fact, I think the "rules" may forbid that expressly.
>
> Sometimes you have to though, depending on what's going on with the
> box. <knocks wood> Haven't had but a couple of those here.
To log in as root you need to be on the console with our machines, but a
root login is avaliable nonetheless.
>
>> Only thing I have done is write on the calendar the next time we
>> need to change the root password. I guess you could set up a cron
>> to email you once every password-change-period or something like
>> that. Maybe I'll look into that: an email when the password
>> expiration is 10 days away or something.
>
>
> That's what we are doing now. Quite easy with a shell script if you
> have Gnu tools installed, with base Solaris, the only method we found
> was with Perl.
Yes, I noticed that the Solaris 'date' command does not take +%s like
gnu date does.
Oh, and expiring the root password gives us the advantage of obeying the
DON rules as implemented here.
Steve
More information about the SunHELP
mailing list