Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!usc!cs.utexas.edu!romp!auschs!awdprime!kleikamp.austin.ibm.com!shaggy
From: shaggy@kleikamp.austin.ibm.com (David J. Kleikamp)
Newsgroups: comp.unix.aix
Subject: Re: root restrictions
Message-ID: <8439@awdprime.UUCP>
Date: 13 Jun 91 13:04:55 GMT
References: <1991Jun12.180648.27815@bnlux1.bnl.gov>
Sender: news@awdprime.UUCP
Organization: IBM AWD, Austin
Lines: 21

In article <1991Jun12.180648.27815@bnlux1.bnl.gov> como@max.bnl.gov (Andrew T. Como) writes:
>
>I need a mechanism to restrict root logins to the console.
>
>If I change the user characteristics "valid TTYs" to the console 
>you can only "su" to "root" from the console. (this is not practical)
>
>		Andrew Como
Okay, I'll ask.

What good is it to restrict root logins to the console if you do allow other
users to su to root from other TTY's?

Anyway, one way of doing this would be to write your own authentication
method.  I've never done this myself, but you define the authentication
methods in the /etc/security/login.cfg file.
-- 
---------------------------------------------------------------------------
David J. "Shaggy" Kleikamp	dave@kleikamp.austin.ibm.com
The content of this posting is independent of official IBM position.
External: uunet!cs.utexas.edu!ibmaus!auschs!kleikamp.austin.ibm.com!dave