root login

Sam Hartman hartmans at MIT.EDU
Tue May 7 22:52:53 EDT 2002


>>>>> "Sylvain" == Sylvain Robitaille <syl at alcor.concordia.ca> writes:

    Sylvain> Consider first, why you *don't* want to do that: login
    Sylvain> (or login.krb5) is not called only by getty.  Ideally
    Sylvain> you'd login as a non-root user and then *become* root
    Sylvain> with su, (or use sudo, or whatever is appropriate to your
    Sylvain> site policy).

You're probably just as happy logging in as root using ssh or
encrypted rlogin using a root instance; you get the same auditing as
with ksu and don't have to have user accounts on trusted servers.




More information about the Kerberos mailing list