Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!swrinde!cs.utexas.edu!chinacat!sequoia!rpp386!jfh
From: jfh@rpp386.cactus.org (John F Haugh II)
Newsgroups: comp.unix.aix
Subject: Re: root restrictions
Message-ID: <19386@rpp386.cactus.org>
Date: 15 Jun 91 04:24:12 GMT
References: <9106132050.AA27815@ucbvax.Berkeley.EDU>
Reply-To: jfh@rpp386.cactus.org (John F Haugh II)
Organization: Lone Star Cat Grill and Sushi Bar, The Republic of Texas
Lines: 20
X-Clever-Slogan: Please send money.  I need another NRA Life Membership.

In article <9106132050.AA27815@ucbvax.Berkeley.EDU> vrbass@atlvmic1.vnet.ibm.com writes:
>>>>I need a mechanism to restrict root logins to the console.
>
>  chuser telnet=false rlogin=false
>
>should do the trick if your other terminals are on the network.
>If you have both network and serial terminals, you're going to
>have to go to the secondary authentication methods mentioned
>earlier.

Secondary authentication methods will not work.  The "auth2"
method does not cause the authentication to fail if the method
exits with a failure code.  In order to do what he is trying
to accomplish you have to have the method be one of the
primary ("auth1") methods.
-- 
John F. Haugh II        | Distribution to  | UUCP: ...!cs.utexas.edu!rpp386!jfh
Ma Bell: (512) 255-8251 | GEnie PROHIBITED :-) |  Domain: jfh@rpp386.cactus.org
"UNIX signals are not interrupts.  Worse, SIGCHLD/SIGCLD is not even a UNIX
 signal, it's an abomination."  -- Doug Gwyn