su (PAM) gotcha
Tomas Mraz
tmraz at redhat.com
Wed Jan 24 10:22:27 UTC 2007
On Tue, 2007-01-23 at 10:57 -0700, Jonathan Corbet wrote:
> In case this is useful to anybody...after yesterday's rawhide update (my
> first in a week or two), any attempt to run su would fail with a quick
> "incorrect password" message. Before it ever asked for a password.
> Even I can't fat-finger something if I don't even get the opportunity to
> type.
>
> A quick look in /etc/pam.d revealed my old "su" file from a few years
> back, which I had never changed. There was an "su.rpmnew" file there as
> well, dated last July. Switching to the new one made my problem go
> away. I've not had the time to figure out just what change made the
> difference - the PAM files have clearly evolved considerably over time.
The old su config used pam_stack.so which I removed with upgrade to
pam-0.99.7.0. Pam_stack was deprecated in FC5 already and its use caused
messages in /var/log/secure so you could have noticed that there is
something wrong with your setup for a long time ago.
--
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
Turkish proverb
More information about the fedora-test-list
mailing list