From owner-freebsd-security  Fri Dec  8  7: 4:54 2000
From owner-freebsd-security@FreeBSD.ORG  Fri Dec  8 07:04:53 2000
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Delivered-To: freebsd-security@freebsd.org
Received: from east.isi.edu (east.isi.edu [38.245.76.2])
	by hub.freebsd.org (Postfix) with ESMTP id 6DE0637B400
	for <security@FreeBSD.ORG>; Fri,  8 Dec 2000 07:04:52 -0800 (PST)
Received: from ipce-adm.east.isi.edu (ipce-adm.east.isi.edu [38.245.76.213])
	by east.isi.edu (8.9.2/8.9.2) with ESMTP id KAA23707;
	Fri, 8 Dec 2000 10:04:52 -0500 (EST)
Date: Fri, 8 Dec 2000 10:04:51 -0500 (Eastern Standard Time)
From: Forrest Houston <fhouston@east.isi.edu>
To: Christian Kuhtz <ck@arch.bellsouth.net>
Cc: security@FreeBSD.ORG
Subject: RE: toor account
In-Reply-To: <NEBBJKIJGLMGELMBGHEOOEHICHAA.ck@arch.bellsouth.net>
Message-ID: <Pine.WNT.4.10.10012080958150.-531279@ipce-adm.east.isi.edu>
X-X-Sender: fhouston@ale.east.isi.edu
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Personally I've found the toor account helpful on "shared" machines.  So
if there a group that has primary sysadmin responsibility for the machine
they get the root password.  However as the network admin there might be
times things need to change/fix something so the netadmin has the toor
password.  That way each group can use their own password schemes, which
will also hopefully eliminate the need for password lists.

Just a thought
Forrest

On Fri, 8 Dec 2000, Christian Kuhtz wrote:

> 
> Sorry, no coffee yet. Let's try this again.
> 
> Inconsistent site policy is a bad practice.  Choose one.  Worse, never have
> two
> role accounts for the same function.
> 



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message