On Tue, 22 Oct 2002, Shankar Ramchandran wrote:
That means that the ideal security configuration is that root is restricted from logging in to the machine remotely and locally. All administrators should log in to the machine using unprivileged accounts and su to root. Thus the sulog will reflect which administrator has logged in and su'ed to the root account.
And having a root password that doesn't work does that how? If the root password doesn't work, then you cannot even su to root.
I think the original statement may have been wrong. The root password needs to work, it should however only be allowed from local terminals. In case of booting in single user mode, or if other user accounts become unusable, this is the only way of getting access to the machine.