Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!romp!auschs!awdprime!greenber.austin.ibm.com!jfh
From: jfh@greenber.austin.ibm.com (John F Haugh II)
Newsgroups: comp.unix.aix
Subject: Re: root restrictions
Message-ID: <8465@awdprime.UUCP>
Date: 13 Jun 91 22:40:34 GMT
References: <1991Jun12.180648.27815@bnlux1.bnl.gov> <8439@awdprime.UUCP>
Sender: news@awdprime.UUCP
Organization: Best Care South of the Red River, LCC, Austin, Republic of Texas
Lines: 18

In article <8439@awdprime.UUCP> shaggy@kleikamp.austin.ibm.com (David J. Kleikamp) writes:
>In article <1991Jun12.180648.27815@bnlux1.bnl.gov> como@max.bnl.gov (Andrew T. Como) writes:
>What good is it to restrict root logins to the console if you do allow other
>users to su to root from other TTY's?

It prevents remote attacks against the system.  Someone can't dialup your
system and pound away on the modem hoping to get the root password.  Even
if they do get the root password, they still can't login.

>Anyway, one way of doing this would be to write your own authentication
>method.  I've never done this myself, but you define the authentication
>methods in the /etc/security/login.cfg file.

See an earlier posting f mine where I describe exactly how to do this.
-- 
John F. Haugh II      |      I've Been Moved     |    MaBellNet: (512) 838-4340
SneakerNet: 809/1D064 |          AGAIN !         |      VNET: LCCB386 at AUSVMQ
BangNet: ..!cs.utexas.edu!ibmchs!auschs!snowball.austin.ibm.com!jfh (e-i-e-i-o)