[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[suse-security] root login disabled for KDM (KDE 1.4.1)



Environment:  8.2 Suse Professional i386
(athlon kernel-source-2.4.20.SuSE-100 )
KDE 3.1.4 from SuSE supplementary directory
KDM RPM: kdebase3-kdm-3.1.4-34

/etc/passwd entry for root

        root:x:0:0:Konqi:/root:/bin/bash

The name Konqi as root was added with a PNG file for KDM to display, cute 
little 64x64 pixel 3D dragon that he is.

I have remote login and shutdown disabled via "Control Center->System 
Administration->Login Manager".  System UID set to Below 0 and Above 65000. 
"unhidden with every hidden but root (before I had  Below 500 and had 
"Selected only" which included "root").

Unable to login to root via KDM.  Message is "root logins are not allowed".

Nothing in /var/log about the attempt but this:

Oct  1 06:33:34 cueball resmgr[1227]: accepted connection from user root
Oct  1 06:33:34 cueball resmgr[1227]: disconnect from root

# cat /etc/pam.d/login 
#%PAM-1.0
auth requisite  pam_unix2.so    nullok         #set_secrpc
auth required   pam_securetty.so
auth required   pam_nologin.so
#auth    required       pam_homecheck.so
auth required   pam_env.so
auth required   pam_mail.so
account required        pam_unix2.so
password required       pam_pwcheck.so  nullok
password required       pam_unix2.so    nullok use_first_pass use_authtok
session required        pam_unix2.so    none         # debug or trace
session required        pam_limits.so

I suspect something wrong with my PAM configuration.  I did no editing 
explicitly of these files.  There is a /etc/pam.d/xdm but not a
/etc/pam.d/kdm

"login root" from command line fails and goes away before an error can be 
detected.  "su - root" works.

Anyone know what file I have to tweak or what I am doing wrong?

TIA for any help.  Regards.
Bob Pearson
-- 
I am unique and special, just like everyone else.


-- 
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here