A regular on a private list I follow has written :

*[...] therein lies the beauty of the newer flavors of *nix.* You
can lock root (and SU) access to physical machines ONLY, and
even lock it down to specific logins ONLY on specific machines.

How would Fedora do that?

I wouldn't want it any PC on my LAN, because I do 99 44/100% of
the updating and general administrivia on a couple of them remotely over
ssh; but it sounds like a good thing to have on any laptop or tablet that
spends much time on wifi.

--
Beartooth Staffwright, Not Quite Clueless Power User
I have precious (very precious!) little idea where up is.


--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

On 10/09/2011 05:12 PM, Beartooth wrote:
>
> A regular on a private list I follow has written :
>
> [...] therein lies the beauty of the newer flavors of *nix. You
> can lock root (and SU) access to physical machines ONLY, and
> even lock it down to specific logins ONLY on specific machines.
>
> How would Fedora do that?

There's the pam_securetty module that filters root logins to a set of
"secure" ttys listed in /etc/securetty. You can use that as a required
pam module in the system authentication configuration to restrict root
logins to physical terminals.

Regards,
Bryn.
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines