Harry Putnam wrote:
I've diddled around for 35 minutes googling for the release notes for
build 124 to see if something is in there about root logins.
Can some kind sole please direct me.
Google stings like `opensolaris "release notes" 2010'
`opensolaris "release notes" build 124
and etc have brought nothing but a mess.
Now if someone feels I shouldn't be doing this... please keep it to
yourself ... here I want information about the problem... not
solutions such as DON'T SSH to ROOT.
... is there something new going on about root logins?
Somewhere along the line, "root" became a role in the OpenSolaris
builds. Because it is a role and not a user account, you can't login to
it. This is enforced by the pam(3PAM) module pam_roles.so.1 (see
pam_roles(5)). There are several possible changes that you can make to
enable "root" login on your system, but they are not recommended.
The recommended method of gaining privilege on a host is to
1. login to that host as an unprivileged user
2. use pfexec(1) or su(1m) to elevate privilege.
Now, that being said, If you have a burning desire to work without a net
and need a little rope to hang yourself, you would need to
1. Tell sshd(1) to allow root login
/etc/ssh/sshd_config
PermitRootLogin Yes
2. Configure pam(3PAM) to allow sshd to let you login to a role directly.
/etc/pam.conf
sshd-kbdint account required pam_unix_account.so.1
There are other ways you can achieve this.
I know that you don't want to hear it, but DON'T SSH to ROOT
-Norm
_______________________________________________
opensolaris-discuss mailing list
[email protected]
