[8514] in athena10
Re: [Debathena] #454: warn that changing root's password on
daemon@ATHENA.MIT.EDU (Debathena Trac)
Sun Sep 25 17:46:28 2011
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
From: "Debathena Trac" <debathena@MIT.EDU>
Cc: debathena@mit.edu
To: geofft@mit.edu, jdreed@mit.edu
Date: Sun, 25 Sep 2011 21:46:20 -0000
Reply-To:
Message-ID: <052.01fb5e80bcc9b0d8172a8e910f6efa8d@mit.edu>
In-Reply-To: <043.aba9c7959382b85e45aeb04d2ef8db2a@mit.edu>
Content-Transfer-Encoding: 8bit
#454: warn that changing root's password on clusters is pointless-------------------------+--------------------------------------------------
Reporter: geofft | Owner:
Type: enhancement | Status: new
Priority: low | Milestone: The Distant Future
Component: -- | Keywords:
See_also: |
-------------------------+--------------------------------------------------
Comment(by geofft):
> I'm not entirely sure how to do this conditionally (i.e. for only root).
You can do it with pam_succeed_if chaining to pam_echo (look at scripts'
PAM configuration, or possibly Debathena's, even), it's not that hard. I
can show someone how to abuse PAM if they're interested in doing this.
> I also don't know why/if we care. Users are welcome to change root's
password to whatever they want. There is no legitimate reason to do so, so
I'm not sure why we should help them.
Right, the purpose of this is to warn them that you can't actually
successfully privatize a cluster machine by changing the password and
assuming that no one else will them be able to use it, or something.
-- Ticket URL: <http://debathena.mit.edu/trac/ticket/454#comment:3>Debathena <http://debathena.mit.edu/>MIT Debathena Project
