On Sun, Aug 20, 2006 at 12:38:43PM +0100, Kostas Georgiou wrote: > Not to mention that kerberos/ldap/nis/whatever might be down so user > logins might not be available. This is a fine argument for setting up key-based access. > In any case wouldn't it better to start using pam_access by default in > system_auth and block root logins if you want there? I don't see why sshd > should be treated differently than other tools in the system. What'dya mean? Right now, ssh is the one treated differently. Compare, for example, gdm.conf, which is set to "AllowRemoteRoot=false". > Anaconda, authconfig can ask questions at install time like: > Allow root logins: [X] Local, [] Everywhere, [] By domain ..., etc. > Allow user logins: [] Local, [X] Everywhere, [] By domain ..., etc. > and setup an access.conf file. I really don't think more questions is the answer. -- Matthew Miller mattdm@xxxxxxxxxx <http://mattdm.org/> Boston University Linux ------> <http://linux.bu.edu/> -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
