<!-- This file has been automatically generated. See web/README.md -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=Windows-1252">
</head>
<body>
<div id="compose-container" style="direction: ltr" itemscope="" itemtype="https://schema.org/EmailMessage">
<span itemprop="creator" itemscope="" itemtype="https://schema.org/Organization"><span itemprop="name" content="Outlook Mobile for iOS"></span></span>
<div>
<div style="direction: ltr;"><span style="font-family: Calibri, sans-serif; font-size: 11pt;">Hi List,</span></div>
<div class="gmail_quote">
<div class="WordSection1">
<p class="MsoNormal"> </p>
<p class="MsoNormal">We currently have the following config in /etc/pam.d/system-auth on a RHEL 6.3 staging server:</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">#%PAM-1.0</p>
<p class="MsoNormal"># This file is auto-generated.</p>
<p class="MsoNormal"># User changes will be destroyed the next time authconfig is run.</p>
<p class="MsoNormal">auth        required      pam_env.so</p>
<p class="MsoNormal">#auth      sufficient    pam_fprintd.so</p>
<p class="MsoNormal">#auth      sufficient    pam_unix.so nullok try_first_pass</p>
<p class="MsoNormal">#auth      requisite     pam_succeed_if.so uid >= 500 quiet</p>
<p class="MsoNormal">#auth      required      pam_deny.so</p>
<p class="MsoNormal">auth        required      pam_faillock.so preauth audit silent deny=5</p>
<p class="MsoNormal">auth        [success=1 default=bad] pam_unix.so</p>
<p class="MsoNormal">auth        [default=die] pam_faillock.so authfail audit deny=5</p>
<p class="MsoNormal">auth        sufficient    pam_faillock.so authsucc audit deny=5</p>
<p class="MsoNormal">account  required      pam_unix.so</p>
<p class="MsoNormal">account  sufficient    pam_localuser.so</p>
<p class="MsoNormal">account  sufficient    pam_succeed_if.so uid < 500 quiet</p>
<p class="MsoNormal">account  required      pam_permit.so</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">After testing in our staging server, “su - root” and “sudo su – root” command are not working if "auth required pam_deny.so" is enable in /etc/pam.d/system-auth</p>
<p class="MsoNormal">Would like to check if there are any areas that might be misconfigure.</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">Thanks.</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">Regards, </p>
<p class="MsoNormal">Keng Lim</p>
<p class="MsoNormal"> </p>
</div>
<br>
<br>
</div>
<style><!--@font-face  {font-family:Latha}@font-face   {font-family:"Cambria Math"}@font-face        {font-family:DengXian}@font-face        {font-family:Calibri}@font-face {}p.MsoNormal, li.MsoNormal, div.MsoNormal      {margin:0in;    margin-bottom:.0001pt;  font-size:11.0pt;       font-family:"Calibri",sans-serif}a:link, span.MsoHyperlink    {color:#0563C1; text-decoration:underline}a:visited, span.MsoHyperlinkFollowed  {color:#954F72; text-decoration:underline}span.EmailStyle17     {font-family:"Calibri",sans-serif;    color:windowtext}.MsoChpDefault {}@page WordSection1    {margin:1.0in 1.0in 1.0in 1.0in}div.WordSection1        {}--></style></div>
</div>
</body>
</html>