[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: pam user authentication

From: Igmar Palsenberg <maillist chello nl>
To: "'redhat-list redhat com'" <redhat-list redhat com>
Subject: Re: pam user authentication
Date: Thu, 30 Dec 1999 23:32:27 +0100 (CET)


On Thu, 30 Dec 1999, Wilde, Jeff wrote:

> I am trying to get su to only work with people that are in the wheel group.
> I have added the following to su:
> 
> auth      sufficient   /lib/security/pam_rootok.so debug
> auth       required     /lib/security/pam_wheel.so debug
> auth       required     /lib/security/pam_pwdb.so shadow nullok
> account    required     /lib/security/pam_pwdb.so
> password   required     /lib/security/pam_cracklib.so
> password   required     /lib/security/pam_pwdb.so shadow use_authtok nullok
> session    required     /lib/security/pam_pwdb.so
> session    optional     /lib/security/pam_xauth.so
> 
> 
> When I authenticate I get the following error:
> 
> Dec 30 10:02:13 lucy PAM-Wheel[16104]: Access denied for 'ops' to 'root'
> 
> here is my wheel group:
> [root lucy pam.d]# grep wheel /etc/group
> wheel:x:10:root,ops
> 
> 
> any ideas what I am missing here?

yes. The pam module check GID 0, and NOT, I repeat NOT, the real wheel
group...

The module has in my opinion a misleading name...

If want that, use something as 

auth required /lib/security/pam_wheel.so group=wheel

> 
> Thanx in advance.
> -=-=-=-=-=-=--=-=-=-=-=---=-=-=-=-=-=-=-=--=-=-=|_
> =  Jeff Wilde   mailto:jeff wilde westgroup com  |_
> -    West Group Technical Services                    |
> =   (651)-687-8650                                            =
> =-=-=-=-=-=-=-=--=-=-=-=-=-=--=-=-=-=-=-=-=--=--=-


	
		Igmar

References:
- pam user authentication
  - From: Wilde, Jeff

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]