Re: [logs] log review policies

From: Brett G. Lemoine (blat_private)
Date: Wed Oct 17 2001 - 15:51:35 PDT

  • Next message: sween: "RE: [logs] HEAD requests"

    > 
    > On Wed, 17 Oct 2001, Sweth Chandramouli wrote:
    > > MTAs can be run in local-delivery-only mode: I, personally, would
    > > probably opt for a single login mechanism on a secure server, rather
    > > than a push mechanism to get the files to the admin workstations.  It's
    > 
    > Agreed. My intent in asking the question was actually focused more on
    > how the login mechanism should work. Should admin workstations be
    > allowed to log in? Should physical presence on the loghost be required?
    
    IMHO, it's necessary in many cases to permit remote login so that admins
    can do debugging without being physically present (a site staffed 7x24
    might be able to get away without this).  However, the authentication
    mechanism should preferrably not depend on network resources.  E.g.
    home dirs should be local, don't use NIS, etc..  I personally prefer
    a local homedir with a local .ssh/authorized_keys file where the
    associated identity file is sufficiently encrypted.  An exception
    to the local auth requirement may be made if something like SecurID
    is being used to a server on the net.
    
    cheers,
    bl
    -- 
    //====== Brett G. Lemoine -=- <blat_private> ===============================\\
    || Info. Systems Architect |                                                 ||
    ||Core Unix System Services|               I just want revenge.              ||
    ||     Incyte Genomics     |                Is that so wrong?                ||
    ||Palo Alto, CA / Plano, TX|                                                 ||
    |+-------------------------+-------------------------------------------------+|
    \\== PGP Key Fingerprint: 68 A1 2A 2D 82 CE E9 70  5B 80 D1 11 EC F3 FB 85 ==//
    
    
    ---------------------------------------------------------------------
    To unsubscribe, e-mail: loganalysis-unsubscribeat_private
    For additional commands, e-mail: loganalysis-helpat_private
    



    This archive was generated by hypermail 2b30 : Wed Oct 17 2001 - 15:53:14 PDT