root login

Marc syn_uw at NOSPAM_hotmail.com
Wed May 8 02:30:43 EDT 2002


Sam Hartman wrote:

> >>>>> "Sylvain" == Sylvain Robitaille <syl at alcor.concordia.ca> writes:
>
>     Sylvain> Consider first, why you *don't* want to do that: login
>     Sylvain> (or login.krb5) is not called only by getty.  Ideally
>     Sylvain> you'd login as a non-root user and then *become* root
>     Sylvain> with su, (or use sudo, or whatever is appropriate to your
>     Sylvain> site policy).
> 
> You're probably just as happy logging in as root using ssh or
> encrypted rlogin using a root instance; you get the same auditing as
> with ksu and don't have to have user accounts on trusted servers.

Thank you all for your various answers. I think you are right that
not permitting root to log in is a "good feature", but I was sort of
planning for the worst-case scenario, like: what do I do if my KDC just
crashed? Then I will need to reboot the Linux box into single-user mode
simply to get into my system :((

Any ideas against that??

Regards