changing the login password's requirement
Matthew Miller
mattdm at mattdm.org
Tue Apr 19 21:56:15 UTC 2005
On Tue, Apr 19, 2005 at 02:19:59PM -0700, Don Russell wrote:
> This is already done on other systems (IBM mainframe VM system) and is
> very helpful in terms of security... no need to ever share the password
> for root (or any other ID).
[...]
> By extension, such a mechanism could be applicable to the use of "su -".
> Instead of prompting for root's password, prompt foe the current user
> password, then see if that user is authorized to log on to root.
Good idea. In fact, so good that it's already implemented. :)
Although it's on a per-executable basis, not per-login. Check out the files
in /etc/security/console.apps/, and the man page for "userhelper".
(Particularly, look at the USER and UGROUPS variables.)
--
Matthew Miller mattdm at mattdm.org <http://www.mattdm.org/>
Boston University Linux ------> <http://linux.bu.edu/>
More information about the fedora-list
mailing list