Subject: Re: PermitRootLogin in SSHd (WAS: Re: Telnet logins)
To: Curt Sampson <cjs@cynic.net>
From: David Maxwell <david@vex.net>
List: port-i386
Date: 08/27/2001 17:40:54

On Mon, Aug 27, 2001 at 07:52:29PM +0900, Curt Sampson wrote:
> On Mon, 27 Aug 2001, David Brownlee wrote:
> > 	The "default security policy" does not start sshd.
> 
> I don't see that as being of much consequence. The default security policy
> doesn't start telnetd, either, yet it's always been our default policy
> that, should you start telnetd, you cannot log in as root via the network.

Not quite the same thing - as using telnet to log in as root is only
slightly better than writing your root password on the nearest bathroom
door. ("For a good time, login...")

Even with the current setting of 'yes', empty passwords are disallowed
by default, via PermitEmptyPasswords defaulting to 'no'.

Basically, I think the reason for denying root logins prior to ssh
doesn't relate to the current situation - was it to prevent direct root
logins? (if so, why didn't NetBSD ship a default non-root user, and
enforce the same restriction on the console?) - or to prevent cleartext
root passwords on the network?

I'd vote to leave the setting as is.

-- 
David Maxwell, david@vex.net|david@maxwell.net --> Mastery of UNIX, like
mastery of language, offers real freedom. The price of freedom is always dear,
but there's no substitute. Personally, I'd rather pay for my freedom than live
in a bitmapped, pop-up-happy dungeon like NT. - Thomas Scoville
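
The interaction between the two settings discussed in this message, as an added example that is not part of the original post and is not NetBSD or OpenSSH code. It resolves the global values of `PermitRootLogin` and `PermitEmptyPasswords` from a constructed `sshd_config` fragment, using the defaults the message states; the function names are hypothetical and `Match` blocks are not evaluated.

```python
# Added illustration; not code from the thread or from NetBSD/OpenSSH.
# Defaults are the ones the message states (PermitRootLogin yes,
# PermitEmptyPasswords no). Current OpenSSH releases default
# PermitRootLogin to prohibit-password instead.
STATED_DEFAULTS = {"permitrootlogin": "yes", "permitemptypasswords": "no"}


def effective_settings(config_text, defaults=STATED_DEFAULTS):
    """Resolve the global value of each tracked sshd_config keyword."""
    seen = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                      # blank lines and comments set nothing
        parts = line.split(None, 1)
        keyword = parts[0].lower()        # keywords are case-insensitive
        if keyword == "match":
            break                         # conditional blocks are out of scope here
        if keyword in defaults and len(parts) == 2 and keyword not in seen:
            seen[keyword] = parts[1].strip()   # sshd keeps the first value it reads
    return {**defaults, **seen}


def audit(config_text):
    """Return findings for the two settings the message discusses."""
    settings = effective_settings(config_text)
    findings = []
    if settings["permitrootlogin"] == "yes":
        findings.append("root may log in with a password")
    if settings["permitemptypasswords"] == "yes":
        findings.append("accounts with empty passwords may log in")
    return findings


# Constructed sample: "PermitRootLogin no" was appended at the end of the
# file, but the earlier line has already set the value.
SAMPLE = """\
# constructed sshd_config fragment
Port 22
permitrootlogin yes
PermitEmptyPasswords no
PermitRootLogin no
"""

if __name__ == "__main__":
    print(effective_settings(SAMPLE))
    for finding in audit(SAMPLE):
        print("FINDING:", finding)
```

On a live host, `sshd -T` prints the configuration the daemon actually resolves and is the authoritative check.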