Anonymous_User Absent Member.
Absent Member.
775 views

Admin account(s)

Just wondering what is everyone's opinion on this. Is it better to have
one admin account that all service uses or an admin account for each
service and then try best to not use the admin account? What are the
pros and cons of each method? What would be a good reason to go with one
method over the other?

Nuri
Labels (2)
0 Likes
8 Replies
Anonymous_User Absent Member.
Absent Member.

Re: Admin account(s)

You should have multiple admin accounts. Having one admin account for the
entire TREE is a bad design. It that account gets deleted or corrupted you will
need to contact Novell Technical Support for assistance or obtain 3rd party
utility from the web. That can be avoided by having multiple admin accounts.
Keep in mind, the word 'admin' is not a requirement for an admin account. As
long as the user object has 'S' rights to the root, it is a 'admin account.


--
Edison Ortiz
Novell Product Support Forum SysOp
(No Email Support, Thanks !)
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Admin account(s)

On Tue, 27 Feb 2007 16:31:39 -0800, Edison Ortiz <eortiz@nscsysop.com>
wrote:
[...]

> As long as the user object has 'S' rights to the root, it is a'admin
> account.


Any thoughts about accounts for add-on packages? They should have their
own account, and it should not be 'S' at the root?

/dps

--
Using Opera's revolutionary e-mail client: http://www.opera.com/m2/
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Admin account(s)

On 2/27/2007 Dave Schneider wrote:

> Any thoughts about accounts for add-on packages? They should have their own
> account, and it should not be 'S' at the root?


It depends on the application. For instance, a backup software will need
necessary rights to backup all files in the server as well as eDirectory
objects. Having the 'S' at the root would help on this case. Therefore, the
answer to your question is: "it depends".


--
Edison Ortiz
Novell Product Support Forum SysOp
(No Email Support, Thanks !)
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Admin account(s)

I use multiple accounts now. For example, emadmin for email admin access
processes.

It helps, if say...you have a particular service locking the admin account
every 15 minutes. 🙂


"Nuri Inuki" <howard.yuan@spam.valence.com> wrote in message
news:yN3Fh.2173$ra4.1768@prv-forum2.provo.novell.com...
> Just wondering what is everyone's opinion on this. Is it better to have
> one admin account that all service uses or an admin account for each
> service and then try best to not use the admin account? What are the pros
> and cons of each method? What would be a good reason to go with one method
> over the other?
>
> Nuri



0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Admin account(s)

Craig wrote:
> I use multiple accounts now. For example, emadmin for email admin access
> processes.
>
> It helps, if say...you have a particular service locking the admin account
> every 15 minutes. 🙂
>
>


LOL~! That's what I'm thinking. I mean, of course me and my boss'
account are admin accounts as well, but...we're sitting here debating on
whether each service should have their own accounts because our admin
accounts are being locked out every 15 minutes right now and we have no
idea who's doing it. LOL. 😛
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Admin account(s)

Then I would suggest you start by creating unique admin accounts for common
services. That'll narrow it down to some bizarre leftover application that
you forgot was installed.


Then when you find out, tell me!! 🙂
"Nuri Inuki" <howard.yuan@spam.valence.com> wrote in message
news:IolFh.2702$ra4.1314@prv-forum2.provo.novell.com...
> Craig wrote:
>> I use multiple accounts now. For example, emadmin for email admin access
>> processes.
>>
>> It helps, if say...you have a particular service locking the admin
>> account every 15 minutes. 🙂
>>
>>

>
> LOL~! That's what I'm thinking. I mean, of course me and my boss' account
> are admin accounts as well, but...we're sitting here debating on whether
> each service should have their own accounts because our admin accounts are
> being locked out every 15 minutes right now and we have no idea who's
> doing it. LOL. 😛



0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Admin account(s)

Nuri Inuki wrote:
> Craig wrote:
>> I use multiple accounts now. For example, emadmin for email admin
>> access processes.
>>
>> It helps, if say...you have a particular service locking the admin
>> account every 15 minutes. 🙂
>>
>>

>
> LOL~! That's what I'm thinking. I mean, of course me and my boss'
> account are admin accounts as well, but...we're sitting here debating on
> whether each service should have their own accounts because our admin
> accounts are being locked out every 15 minutes right now and we have no
> idea who's doing it. LOL. 😛


If you have Nsure audit setup auditing on intruders.
or use good old nlist.
nlist User=admin SHOW "last intruder address"
Get the IPaddress then you ca find it out via DNS/DHCP if it is a user
or server application. That will depend on how well you manange DNS/DHCP
as well.
You could just do a rarp on the address that should give you a name.
ping -a x.x.x.x should reveal the name on a windows platform
Jeff
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: Admin account(s)

DrumDude wrote:
> Nuri Inuki wrote:
>
> If you have Nsure audit setup auditing on intruders.
> or use good old nlist.
> nlist User=admin SHOW "last intruder address"
> Get the IPaddress then you ca find it out via DNS/DHCP if it is a user
> or server application. That will depend on how well you manange DNS/DHCP
> as well.
> You could just do a rarp on the address that should give you a name.
> ping -a x.x.x.x should reveal the name on a windows platform
> Jeff


If only it's that easy. It bounces around between Windows system. But,
I've figured it out now. It's my Windows Domain emulation that I set up
on Netware that's doing it. Once I shut down CIFS, it no longer locked
out the admin account. 🙂
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.