To accomodate remote support of our systems by trusted people I am
considdering the following facility:
Trusted person calls in and
gets connected to a datacom package that expects
a pgp signed request to be called back
session will be aborted
the request is validated and mailed to sysop (at another system)
the trusted person is called and
again sends a (different) request, pgp signed obviously
this second mesage is also mailed to sysop and
the trusted person is now allowed to work on the system
for a "reasonable" amount of time
>From there on the trusted person is allowed to do anything that she/he would
be allowed to do at the workplace within the building.
Are there any flaws in this design (besides trusting people)?
Any suggestions, comments, ..... ?
Jan-Hein van der Burg
afdeling Systeembeheer-CWD, KNMI
e-mail: jhb @
nl; tel: +31.30.206550
pgp 2.6 public key available