Security of using sudo rather than su?

[Derek Broughton]

Tony Arnold wrote:

> But then there is the human element, as always! The stricter the policy,
> the more likely it is that users will forget their passwords thus
> potentially creating more calls to the support desks,

This is good.  If all my users created good passwords that they occasionally
needed to get reset, because they forget them, I'd be a happy security
admin.

> or will write them 
> on a Post-It (tm) note and stick it on their monitor

This is the real problem (the diligent ones put the post-it on the bottom of
their keyboard).  Everybody figures that it would take too long to get
support to reset their password, or they're just too embarrassed to ask
(especially if they think the tech support will actually look and find the
password they've forgotten, because it's almost always too cute or too
rude!).
-- 
derek