> root having no password is not synonymous to reduced security.

Well, it's reduced security compared to the same system with root's
password starred out. :-)

> in many cases it *may* be, but, these things are not inherently
> related.

The only way I can see to have any significant degree of security with
an empty root password field is to have no ttys marked secure and
nothing else that accepts username/password running (eg, xdm), and then
everyone able to "su root" must be very careful to never log in on a
sniffable channel with a reusable password, never log in on a
hijackable channel without encryption, etc.

How many systems really have their consoles insecure but their hardware
(boxes with cpus inside, disk drives, etc) secure?  Anyone with access
to the latter _can't_ be kept out.  I can't remember last time I saw a
machine whose console was that physically isolated from its cpu and
disk.

					der Mouse

			       mouse@rodents.montreal.qc.ca
		     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B