[Info-vax] Job logicals linked to a process
Chris Townley
news at cct-net.co.uk
Fri Jan 8 19:11:22 EST 2021
On 09/01/2021 00:01, Stephen Hoffman wrote:
> On 2021-01-08 23:07:28 +0000, Chris Townley said:
>
>> It was more of a hypothetical, historical thing. I had thought of
>> piping the output from SDA, but I thought there might be any easier
>> way. Not as a means of sharing data, but identifying what a process
>> was - too many shared usernames!
>
> Shared usernames aren't a technical issue.
>
> That's an accountability issue.
>
> Who knows how far a shared password gets.
>
> You can institute accountability on the staff yourself, or notify of the
> risks involved and make management accountable and preferably that in
> writing, or you can end up accountable if (when?) this all goes sideways.
>
> There are various means to establish dedicated logins, whether via
> dedicated ssh sessions with passphrases and certificates, or SYSALF, or
> user-issued logins, or other means of controlling access.
>
> Details and options vary by requirements.
>
> Configurations with shared credentials tend to end badly.
>
All in the past, but we only allowed shared usernames in either totally
read only , or with updates authenticated and logged by other means. The
former had no password, and the second password was well known, but
without tyhe secondary credentials was read only. Worked for years!
Sadly now all in the past
Chris
More information about the Info-vax
mailing list