[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: SSHd



On Sun, Aug 20, 2006 at 12:38:43PM +0100, Kostas Georgiou wrote:
> Not to mention that kerberos/ldap/nis/whatever might be down so user
> logins might not be available. 

This is a fine argument for setting up key-based access.

> In any case wouldn't it better to start using pam_access by default in
> system_auth and block root logins if you want there? I don't see why sshd
> should be treated differently than other tools in the system. 

What'dya mean? Right now, ssh is the one treated differently. Compare, for
example, gdm.conf, which is set to "AllowRemoteRoot=false".

> Anaconda, authconfig can ask questions at install time like:
>  Allow root logins: [X] Local, [] Everywhere, [] By domain ..., etc.
>  Allow user logins: [] Local, [X] Everywhere, [] By domain ..., etc.
> and setup an access.conf file.

I really don't think more questions is the answer.

-- 
Matthew Miller           mattdm mattdm org          <http://mattdm.org/>
Boston University Linux      ------>              <http://linux.bu.edu/>


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]