On Wed, 25 Oct 2006, walt wrote: > > ...for that matter, you can give > > root a blank password (so no password is required at all), but only > > allow > > passworded logins on the console. This is what I do... > > Do you mean that *anyone* who walks up to your console > can log in as root? Am I misunderstanding you?
I don't have his answer, but login can stop root logins. See ttys(5) and the getttyent(3) manual pages. If the entry has "insecure" then the ty_status gains TTY_SECURE. And this is checked in the rootterm() function in src/usr.bin/login/login.c by using getttynam(3).