System Security Service (SSSD) was initially developed to be the primary client component for FreeIPA but later became an independent project in its own right. The primary role of SSSD is to provide access to identity and authentication resources through a common framework that can provide caching and offline support to a system. When a user logs into a network with centrally managed accounts, the user information and credentials are automatically stored in an SSSD cache on the user’s system. For offline support, SSSD authenticates the user’s credentials against the local SSSD cache. Authentication through SSSD enables LDAP, NIS, and
Linux capability support and use can be explored and constrained with this utility which is available on Fedora and downstream distributions. It also provides some debugging features useful for summarizing capability state. Linux divides the privileges traditionally associated with superuser into distinct units, known as capabilities, which can be independently enabled and disabled. Capabilities are a per-thread attribute. See the capabilities(7) man page for more information. Linux has implemented 7 of the capabilities outlined in the uncompleted (and defunct) POSIX 1003.1e specification, and another 20 plus Linux specific ones. $ capsh –print Current: = Bounding set =cap_chown,cap_dac_override,cap_dac_read_search,cap_fowner,cap_fsetid,cap_kill,cap_setgid,cap_setuid,cap_setpcap,cap_linux_immutable,cap_net_bind_service,cap_net_broadcast,cap_net_admin,cap_net_raw,cap_ipc_lock,cap_ipc_owner,cap_sys_module,cap_sys_rawio,cap_sys_chroot,cap_sys_ptrace,cap_sys_pacct,cap_sys_admin,cap_sys_boot,cap_sys_nice,cap_sys_resource,cap_sys_time,cap_sys_tty_config,cap_mknod,cap_lease,cap_audit_write,cap_audit_control,cap_setfcap,cap_mac_override,cap_mac_admin,cap_syslog,35,36 Securebits: 00/0x0/1’b0 secure-noroot:
You need to modify two files to enable root login via GDM (Gnome Display Manager) which is the default display manager on Debian 6. First edit /etc/gdm3/daemon.conf and add the following line: AllowRoot=true under the security options i.e. under the [security] tag. Then comment out the following line in /etc/pam.d/gdm3 auth required pam_succeed_if.so user != root You should then be able to login as root via GDM.