[OpenIndiana-discuss] Solaris 11 is out - so?

[Harry Putnam]

Alan Coopersmith <alan.coopersmith at oracle.com> writes:

>> It appears to no longer even be possible to circumvent the suggested
>> usage of root account and allow root logins.
>>
>> Anyone know for sure if it is still possible to enforce an old
>> fashioned root account with regular login access?  If so how might it
>> be done?
>>
>> On oi its no harder than `rolemod -K type=normal root' and then allow
>> root login in /etc/ssh/sshd_config.
>>
>> That does not work on sol11.  Even editing /etc/ssh/sshd_config, there
>> appears to be some extra editing needed on involving pam.
>
> That's two different things there - one is allowing root to login as an
> account directly, the other is allowing login via ssh, which wasn't
> allowed by default in Solaris 9 or 10 with a normal root account either.

Yes, I knew that, yet still managed to confuse them together.

After making both edits...I was not able to ssh to root, and from
there got into the muddle.

However I see now that the sole reason really stemmed from
something about sol11 that really is different.

sol11 will not let you chose your own passwd for root if it doesn't
have either a number or special char in it.

The login I normally use for root has upper and lower case letters and
a nice random selection of them... but sol11 will not allow me to use
that passwd.  So I added an underscore and moved on.

However, I have become so accustomed to logging in as root with my
regular passwd, that the next day, when I got around to working on the
root account edits, and it came time to enter a passwd with ssh to
root, I entered my regular passwd ..  when it was denied forgot that I
had been forced to use an underscore and I took the reason for failure
to be that I was not allowed to ssh to root even though I had edited
sshd_config.

So there is something that sol11 puts in the way... but it is neither
of root user/role nor edit of sshd_config... so I'm really sorry for
the line noise.