Root is to *nix as Administrator is to Windows – only worse. You should never log on to Windows using the local Administrator account, and the same goes for root on Unix/Linux. In this webinar Randy Franklin Smith will explain why, but more importantly he'll show you how to follow that crucial best practice through the use of sudo – the time-honored administrative application that goes back to 1980.
But unless you have the luxury of a one-server network, sudo by itself is not a complete solution. First, there’s the matter of managing sudo policy across multiple systems. But the much bigger problem is identity and authentication, and that is most easily explained by another analogy. Randy always preaches that you should avoid the use of local accounts on Windows servers like the plague. Local accounts are so bad for security in so many ways. The very same issues and risks apply to local accounts on Unix and Linux for the same reasons. The difference, though, is that while it’s very easy to solve this on Windows (just use domain accounts), it’s very hard to address on Unix and Linux.
The native technologies for unifying identity and authentication on *nix are NIS and Kerberos. NIS is the very poor sysadmin’s directory, but any auditor worth their salt will fail an environment using NIS because of, among other things, unencrypted traffic subject to sniffing and man-in-the-middle attacks. Obviously getting single sign-on to Active Directory is the ticket, and both AD and *nix support Kerberos and LDAP. This is the other area Randy will look at in the webinar: what does it take to integrate *nix with AD via Kerberos, and what do you end up with after doing that?
Date: Thursday May 15th
Time: 11:00 AM EST