changing the login password's requirement

Matthew Miller mattdm at mattdm.org
Tue Apr 19 21:56:15 UTC 2005


On Tue, Apr 19, 2005 at 02:19:59PM -0700, Don Russell wrote:
> This is already done on other systems (IBM mainframe VM system) and is 
> very helpful in terms of security... no need to ever share the password 
> for root (or any other ID).
[...]
> By extension, such a mechanism could be applicable to the use of "su -". 
> Instead of prompting for root's password, prompt foe the current user 
> password, then see if that user is authorized to log on to root.

Good idea. In fact, so good that it's already implemented. :)

Although it's on a per-executable basis, not per-login. Check out the files
in /etc/security/console.apps/, and the man page for "userhelper".
(Particularly, look at the USER and UGROUPS variables.)



-- 
Matthew Miller           mattdm at mattdm.org        <http://www.mattdm.org/>
Boston University Linux      ------>                <http://linux.bu.edu/>




More information about the fedora-list mailing list