Subject: Re: Changing root's shell to /bin/sh
To: NetBSD Userlevel Technical Discussion List <tech-userlevel@netbsd.org>
From: Greg A. Woods <woods@most.weird.com>
List: tech-userlevel
Date: 03/19/1999 20:19:44

[ On Thursday, March 18, 1999 at 20:11:35 (-0800), Michael Richardson wrote: ]
> Subject: Re: Changing root's shell to /bin/sh 
>
>     Greg> I've seen kerberos used quite effectively to meet such
>     Greg> requirements.
> 
>   Remember: the reason why these are not NIS passwords is because they
> are needed to fix the machine when it breaks.

OK, well that's what wasn't clear to me in your initial post.  In the
situation I'm thinking of the workstation owner (and other non-admins
who need root) gets a Kerberos instance, and the real admin(s) keeps the
*real* local root password secret from the workstation owner and tells
him he'll be shot on the spot if he changes it.

The concept's similar to sudo, except the control is centralized and
there's better auditing (at least in my opinion).

>     Greg> There's also 'sudo', which if used *very* carefully offers
>     Greg> even more finely grained control, but even in general seems
>     Greg> to meet your requirements.
> 
>   Totally fails to authenticate anyone when booting single user.

Let me see here if I understand your requirements.  You want to have a
single-user password prompt at boot time that accepts any of a number of
multiple superuser passwords?  If so, then yes, to do what I've
suggested with sudo would require building sudo into init.  Of course I
don't see how it's going to work in the first place -- init is going to
compare whatever you type to only root's password by default.

If you only want the real "root"'s password at the single-user prompt,
then you get that for free with Kerberos....

-- 
							Greg A. Woods

+1 416 218-0098      VE3TCP      <gwoods@acm.org>      <robohack!woods>
Planix, Inc. <woods@planix.com>; Secrets of the Weird <woods@weird.com>