SSHd
Matthew Miller
mattdm at mattdm.org
Mon Aug 21 02:09:20 UTC 2006
On Sun, Aug 20, 2006 at 12:38:43PM +0100, Kostas Georgiou wrote:
> Not to mention that kerberos/ldap/nis/whatever might be down so user
> logins might not be available.
This is a fine argument for setting up key-based access.
> In any case wouldn't it better to start using pam_access by default in
> system_auth and block root logins if you want there? I don't see why sshd
> should be treated differently than other tools in the system.
What'dya mean? Right now, ssh is the one treated differently. Compare, for
example, gdm.conf, which is set to "AllowRemoteRoot=false".
> Anaconda, authconfig can ask questions at install time like:
> Allow root logins: [X] Local, [] Everywhere, [] By domain ..., etc.
> Allow user logins: [] Local, [X] Everywhere, [] By domain ..., etc.
> and setup an access.conf file.
I really don't think more questions is the answer.
--
Matthew Miller mattdm at mattdm.org <http://mattdm.org/>
Boston University Linux ------> <http://linux.bu.edu/>
More information about the fedora-devel-list
mailing list