Subject: Re: Can't SSH into 1.6 as root
To: None <port-macppc@netbsd.org>
From: gabriel rosenkoetter <gr@eclipsed.net>
List: port-macppc
Date: 10/07/2002 13:53:56

On Mon, Sep 30, 2002 at 08:51:50PM -0700, Dan wrote:
> but it is NOT recommended. The reason this has been changed is because there
> is no reason you shouldn't be logging in as a regular user who's in the
> wheel group and then su'ing to root when needed.

Sure there is. If I su, then I pass a shared secret across the wire,
even if it is enciphered. If I use PKI authentication, then no
shared secret ever crosses the wire. (Note that I keep the keys
which allow me access as root to a variety of systems on a floppy
and on my person at all times.)

That said, I approve of default to PermitRootLogin no over yes for
the general case. I'll just always be changing it to without-password,
and you'll have a pretty hard time convincing me I'm doing the
wrong thing. :^>

-- 
gabriel rosenkoetter
gr@eclipsed.net
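
An added example, not part of the original message: a small Python check that reads sshd_config text and reports which PermitRootLogin value is in effect, covering the no, yes and without-password settings discussed in the thread. The sample configuration is constructed, and the function names are hypothetical.

```python
import re

# What each PermitRootLogin value allows for root, per sshd_config(5).
MEANING = {
    "yes": "root may log in with any enabled method, passwords included",
    "no": "root may not log in at all",
    "without-password": "root may log in, but not with a password (key only)",
    "prohibit-password": "newer name for without-password",
    "forced-commands-only": "root key login only for keys with a forced command",
}

# Constructed sample, not taken from the original message.
SAMPLE = """\
Port 22
#PermitRootLogin yes
permitrootlogin without-password
PermitRootLogin yes
Match Address 192.0.2.0/24
    PermitRootLogin no
"""

def permit_root_login(config_text):
    """Return (global_value, {match_criteria: value}) for PermitRootLogin.

    sshd keeps the first value it reads for a keyword, so later duplicates
    are ignored. Lines after a Match line belong to that Match block.
    Include files are not followed.
    """
    global_value, per_match, current_match = None, {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Accept both "Keyword value" and "Keyword=value".
        m = re.match(r"([A-Za-z0-9]+)[\s=]+(.*)$", line)
        if not m:
            continue
        keyword, args = m.group(1).lower(), m.group(2).strip()
        if keyword == "match":
            current_match = args
        elif keyword == "permitrootlogin" and args:
            value = args.split()[0].strip('"')
            if current_match is not None:
                per_match.setdefault(current_match, value)
            elif global_value is None:  # first value wins
                global_value = value
    return global_value, per_match

def describe(value):
    """Explain a value; None means the keyword was never set."""
    if value is None:
        return "not set: the build's compiled-in default applies"
    return MEANING.get(value, "unrecognized value")
```

Running `sshd -T` as root on the host itself prints the configuration sshd actually resolved, which also accounts for Include files and compiled-in defaults that this text-only check does not see.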
