Harry Putnam wrote:

> It may have... but it was still possible to have root as an account
> and to ssh to root if you set it up in /etc/sshd_config...  I've been
> doing it since 2008.11 b101
>
> It's only between 118 and 124 that things got more complicated... bringing
> PAM in as enforcer I guess.  But that too can be circumvented.

I'm really not certain why you're seeing a change in behavior. Perhaps I'm forgetting an earlier bug that somehow allowed you to directly log into the root account. In any case, what you're describing is how it was supposed to behave before.


> I just don't get why devs are so hell-bent on crippling the root account.
> It's been around many, many yrs.

The key reason behind this change is accountability. Since the root account may be shared by several people (and we hope it's not anyone's primary login!), direct login to the root account is anonymous in the sense that we can't attribute it to a single individual. If the user logs into his own account first and then assumes the root role, we know exactly who it was. Furthermore, you can revoke root access at any time by removing the user's ability to assume the root role, even if he still knows the root password.

        Scott

--
Scott Rotondo
Principal Engineer, Solaris Security Technologies
President, Trusted Computing Group
Phone/FAX: +1 408 850 3655 (Internal x68278)
_______________________________________________
opensolaris-discuss mailing list
opensolaris-discuss@opensolaris.org
