Re: PowerBroker

From: Michael Vilain (vilain@spamcop.net)
Date: 03/28/03 

From: "Michael Vilain <vilain@spamcop.net>"
Date: Thu, 27 Mar 2003 23:35:53 -0800

In article <2b206b.avt.ln@news.heiming.de>,
 Michael Heiming <michael+USENET@www.heiming.de> wrote:

> aos <aosacg@yahoo.com> wrote:
>
> > I am considering Powerbroker from Symark to manage Root access and Sys
> > Admin privileges on my Solaris environment. Did anyone try it? I
> > appreciate any feedback.
>
> Never heard of. But from a short look, it doesn't look like one couldn't
> achieve most things with sudo (http://www.sudo.ws/sudo/), which is free
> and comes with source.

A contract I last worked at didn't like sudo because it couldn't be
setup to be a single environment. It also didn't allow "safe" editing
of files or complete logging of privileged terminal sessions to a
central site. True, you can do most of these things with sudo on a
single system, but management wanted a centralized privilege system so
that they didn't have to give out root to the entire systems group.
Only a small set of managers would have it or it would be written down
in a safe that the on-call manager could access.

Powerbroker would give systems people (about 10) the ability to do root
things from their non-root accounts and leave an audit trail. The only
time this wouldn't work is when the network connection is down to the
Powerbroker server, then the safe is opened.

If you don't need this level of root auditing, sudo will do you just
fine. 

-- 
DeeDee, don't press that button!  DeeDee!  NO!  Dee...