PAM Recipe to Authenticate on Either the User's Password or Root's Password
Les Mikesell
lesmikesell at gmail.com
Sat May 13 18:52:43 UTC 2006
On Sat, 2006-05-13 at 13:22, Schlaegel wrote:
> I want everyone to avoid 'su', and most users won't know any important
> target passwords (like root). Also, which password is required is
> inconsistent across linux programs and even across `sudo`
> installations, so I want either to work.
>
> Rather than debate the social issues, I want to know if anyone knows a
> technical solution that allows this.
It's more program philosophy than a social issue. When you
disagree with the author about what the program is supposed
to do, the source code is the place to start.
> (This same pam recipe would be handy in a screensaver lock screen.)
Pam can check a password against any number of things you
want, but I don't think there is a way to tell it that
other user names are OK in the same run. You might build
an appropriate permutation of the password file for a
service (where the expected user name is matched with the
alternate acceptable password) and add that to the list that
pam should check.
--
Les Mikesell
lesmikesell at gmail.com
More information about the fedora-list
mailing list