Am 10.12.2019 17:07 schrieb Evan Silberman:
>> Is there a way to placate security(8) that I'm just not seeing? Or is
>> my goal fundamentally misguided for some reason I'm not seeing? The
>> user in this case is semi-trusted (e.g. yes, we'll let you login using
>> an unprivileged account to run bgpctl in pipelines) but not
>> organizationally-trusted (i.e. but that's ALL we want you to do on
>> this system).
>
> Why not assign a long, random password and then not share it with the
> user?
Or put 13 asterisks as "password" in master.passwd(5)
(the case is mentioned explicitly there)
HTH,
--
pb
No comments:
Post a Comment