Several MacFixIt readers have reported problems disabling root user access using NetInfo Manager in Mac OS X 10.3.x. Though NetInfo indicates that Root access is being disabled, but users are still able to log in as root:
In the Broadband Reports forum, user "mgilliland" reports two scenarios whereby a user can gain root access after it has been "disabled":
"Scenario A: If using the Users list for the login screen you do not see the 'Other..' to login. No problem for the savvy user for they can just 'Option Return Mouse click' on a user in the list and will then be presented with text login. There you can type root for username and the root password (if they happen to know it - hopefully they haven't) and bang root access.
"Scenario B: If using text login just type root for username and the root password (if they happen to know it - hopefully they haven't) and bang root access.
"When using the User list login screen and root is enabled you do see the 'Other...' for login. But when root is disabled and using the User list login screen you do not see the 'Other...' login but you can do as stated in Scenario A. The login screen is recognizing that root is either disabled or enable when using User list login as is NetInfo Manager. It shows everything just as you would expect but you can still login as root."
You can determine whether or not root is "disabled" by checking the password field in NetInfo Manager. When root is disabled the string of characters in the root password field is preceded by and "*". When root is enabled there will not be and "*".