|
MF_James posted:Someone lied. The more I think about it the more I have to come to the conclusion it was my boss who changed it, couldn't find what he changed it to until now, and reset it back while denying it all. Anyone else would have come clean right away but he can simply not admit to being wrong about the most trivial things. Anyway, now I'm off to make backup admin accounts for all our hosts in case this 'vmware problem' ever happens again.
|
#
?
Feb 23, 2021 13:54
|
|
|
|
| # ? Feb 25, 2021 10:26 |
|
|
Probably a good idea for monitoring to use a different account than people who log in.
|
|
#
?
Feb 23, 2021 14:37
|
|
|
MF_James posted:Someone lied. Always.
|
|
#
?
Feb 23, 2021 15:19
|
|
|
Surely you can pull the age of a password out of whatever system it is, and when it's less than a week old you know it was changed.
|
|
#
?
Feb 23, 2021 16:25
|
|
|
Guy Axlerod posted:Probably a good idea for monitoring to use a different account than people who log in. The more unique accounts the better. One for monitoring and one for each individual person. Its not like accounts cost money, you can have as many as you want
|
|
#
?
Feb 23, 2021 16:35
|
|
|
RFC2324 posted:The more unique accounts the better. One for monitoring and one for each individual person. I’d argue that local admin and monitoring are the only local accounts you should be making. While I agree that every user of a system should have their own account, it needs to be hooked up to an identity store like AD
|
|
#
?
Feb 23, 2021 16:47
|
|
|
The Fool posted:I’d argue that local admin and monitoring are the only local accounts you should be making. Fair. I'm used to the linux world where writing a script to go through all the servers and add the missing lines to passwd is still sometimes a thing. I spent 10 minutes last night trying to ssh into a windows server  I didn't feel nearly as bad when a coworker and the MOD did the se thing, tho
RFC2324 fucked around with this message at 16:54 on Feb 23, 2021 |
|
#
?
Feb 23, 2021 16:50
|
|
|
RFC2324 posted:Fair. eh it's not like MODs knew
|
|
#
?
Feb 23, 2021 18:34
|
|
|
RFC2324 posted:The more unique accounts the better. One for monitoring and one for each individual person. My personal stance is to never create user accounts but to hook as many systems to the central auth hierarchy(ldap/saml/etc) to limit password oversimplification(if you need to remember ten passwords it’s unlikely you will make them all complex and different). VMware supports ldap on both hosts and vCenter and saml on vCenter. Use a restricted service account for logging and reporting, set up the local root/administrator to a overly complex pass stored on safe and set up everyone with their standard users as admins.
|
|
#
?
Feb 23, 2021 19:17
|
|
|
SlowBloke posted:My personal stance is to never create user accounts but to hook as many systems to the central auth hierarchy(ldap/saml/etc) to limit password oversimplification(if you need to remember ten passwords it’s unlikely you will make them all complex and different). like I said before, I come from linux where just doing it in passwd is still an accepted thing, particularly when you are dealing with hosted services. Place I worked a little while back had a script that would iterate through the entire 10-15k server global list of N*X servers updating passwd, group, and sudoers files. it was nuts
|
|
#
?
Feb 23, 2021 19:46
|
|
|
At least it updated them and kept things consistent
|
|
#
?
Feb 23, 2021 19:51
|
|
|
|
| # ? Feb 25, 2021 10:26 |
|
|
Thanks Ants posted:At least it updated them and kept things consistent oh yeah, it was pretty good, and way better than the LDAP implementation used by a handful of boxes in germany. Why would you set up an AD server to be the LDAP server for a unix farm, instead of an LDAP server that happened to be referenced by a small handful of windows boxes?
|
|
#
?
Feb 23, 2021 19:54
|
|