Get rid of root - or: PSARC/2008/321

An interesting PSARC case got it´s approval: PSARC/2008/321 - No Root Login:

It has been suggested that Solaris should permit "root" to be a no login account.
[...]
Add a "solaris.system.maintenance" authorization. Modify sulogin(1M) toprompt for a username and password. If the username entered is authenticated by the password and has the "solaris.system.maintenance" authorization, enter system maintenance mode. If not, as before this project, deny access.

Besides of making root a role, this would be another way to get rid of a direct usable root account in Solaris. With this change you can use your own username and password to log into an “root shell” without knowing the root password … there doesn´t even have to be a root password. You only need the authorization solaris.system.maintenance in your user attributes. (via ceri on twitter)