Subject: Re: emergency advice needed
To: Steve Blinkhorn <steve@prd.co.uk>
From: Daniel Carosone <dan@geek.com.au>
List: port-i386
Date: 07/01/2006 13:09:55

(Hope this is still useful)

Aside from the specific issues you may face, which will include PAM
(the main thing is to ensure you have a complete /etc/pam.d), the main
thing you really want is some insurance in case there are further
unforeseen issues.

First, consider making up a tarball of the system as you're about to
reboot it, and pulling that image down to test somewhere else, if you
can.  Qemu might be helpful here.

Set up a rescue job that will run a little while after your reboot.

Insert this quite early in the rc order, before too much has had a
chance to go wrong.  Have it sleep in the background for a while,
and if a certain file still exists when it wakes up, have it assume
you couldn't get in and do something drastic to increase your
chances of recovery. Perhaps reboot with a very simple (if
insecure) config, or have it fetch shell scripts from an external
URL and run them, or similar, if you can.  Touch the file before
reboot, and make sure you delete that file if you get in ok
afterwards.

You want a way to *see* what's wrong and where it's up to, perhaps
have the same job squirt copies of logfiles and output from ps and
other such things somewhere you can be listening for them.

Having access to another machine nearby (local LAN?) would be very
handy, if you can.

--
Dan.
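
The rescue job described above, written out as a shell script to be started from an early rc script. This is an added example, not part of the original message; the file paths, the known-good etc tarball and the variable names are assumptions, and sending the report to another host is not shown.

```shell
#!/bin/sh
# Dead-man's switch for a risky remote reboot. All paths are assumed defaults.
#   arm before rebooting:    touch /root/rescue.armed
#   disarm once logged in:   rm -f /root/rescue.armed
SENTINEL=${SENTINEL:-/root/rescue.armed}
GRACE=${GRACE:-900}                                  # seconds allowed for you to get in
KNOWN_GOOD=${KNOWN_GOOD:-/root/etc-known-good.tgz}   # tarball of the last working etc/
ROOT=${ROOT:-/}                                      # directory the tarball unpacks into
REPORT=${REPORT:-/root/rescue-report.txt}
REBOOT_CMD=${REBOOT_CMD:-/sbin/reboot}

# Save what the box looked like, so the failure can be diagnosed afterwards.
collect_report() {
    {
        echo "== rescue report: $(date) =="
        ps ax
        if [ -r /var/log/messages ]; then tail -n 50 /var/log/messages; fi
    } > "$REPORT" 2>&1 || true
}

# Prints one of: disarmed, recovered, restore-failed, no-backup.
rescue_check() {
    sleep "$GRACE"
    if [ ! -e "$SENTINEL" ]; then
        echo disarmed          # the admin got in and removed the file
        return 0
    fi
    collect_report
    # Remove the sentinel first so the recovery boot does not trigger us again.
    rm -f "$SENTINEL"
    if [ ! -r "$KNOWN_GOOD" ]; then
        echo no-backup
        return 0
    fi
    if tar -xzpf "$KNOWN_GOOD" -C "$ROOT"; then
        echo recovered
        $REBOOT_CMD
    else
        echo restore-failed
    fi
}

# From the early rc script:  /root/rescue.sh run &
if [ "${1:-}" = "run" ]; then
    rescue_check >/dev/null
fi
```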
