[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

RE: Follow-up Re: su: user->root ok, user1->user2 ok, root->user NOK

From: "Swanson, Bryan" <bswans unf edu>
To: "'pam-list redhat com'" <pam-list redhat com>
Subject: RE: Follow-up Re: su: user->root ok, user1->user2 ok, root->user NOK
Date: Fri, 4 Jan 2002 13:19:43 -0500

we use unpackaged Linux-PAM-0.75 and haven't seen that particular
problem...here's what our /etc/pam.d/su looks like:

#%PAM-1.0
#[For version 1.0 syntax, the above header is optional]
#
# The PAM configuration file for the `su' service
#
auth     requisite                       pam_wheel.so debug
auth     sufficient                      pam_rootok.so
auth     [success=done auth_err=ignore]  pam_unix.so
auth     sufficient                      pam_krb5.so no_ccache
use_first_pass
auth     optional                        pam_warn.so
auth     required                        pam_deny.so

account  required                        pam_unix.so

session  required                        pam_unix.so


note the use of pam_rootok to prevent root from having to supply
a user's password ... also non-wheel members can't su to uid 0

-b



> -----Original Message-----
> From: Andreas Hasenack [mailto:andreas@conectiva.com.br]
> Sent: Friday, January 04, 2002 12:46 PM
> To: pam-list@redhat.com
> Subject: Follow-up Re: su: user->root ok, user1->user2 ok, root->user
> NOK
> 
> 
> Em Fri, Jan 04, 2002 at 02:02:39PM -0200, Andreas Hasenack escreveu:
> > Hi, I'm having a trouble with su and pam-0.75 (with absolutely
> > no patches, just the original tarball).
> > 
> > As a regular user, I can su to root as usual, just giving
> > root's password. I can also su from a regular user to another
> > one without problems.
> > 
> > BUT, as root, I cannot su at all, getting this prmission 
> denied error:
> 
> Well, I took a look at redhat's pam package and found 50 
> (fifty) patches to
> the original Linux-PAM-0.75.tar.gz, around 360Kb of patches.
> 
> I applied all of them and it started working. So, is this a 
> bug in linux-pam?
> Is there a 0.76 release around the corner? Hmm, I tried the 
> CVS version and
> it also didn't work, so the right patch (one or more among 
> those 50) isn't
> in CVS.
> 
> Is someone else using "pristine" linux-pam out there? Are you 
> having this
> su problem too?
> 
> 
> 
> _______________________________________________
> Pam-list mailing list
> Pam-list@redhat.com
> https://listman.redhat.com/mailman/listinfo/pam-list
>

Follow-Ups:
- Re: Follow-up Re: su: user->root ok, user1->user2 ok, root->user NOK
  - From: Andreas Hasenack <andreas@conectiva.com.br>

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index] []