
Re: Wheel module with trust doesn't work (?)

On Thu, 12 Mar 1998 alanr@bell-labs.com wrote:
>When I put this line at the top of the 'su' PAM configuration:
>	auth       sufficient  /lib/security/pam_wheel.so trust
>I (in group wheel, gid=0) am prompted for a password when using su.
>When I change it to this line:
>	auth    sufficient  /lib/security/pam_wheel.so trust bug-workaround
>(or any invalid keyword in place of bug-workaround), it works correctly (i.e.,
>it doesn't prompt me for a password).  I think the non-"trust" case fails in a
>similar way.
>Andrew required my /etc/pam.d/su file.  Hope it's sufficient 		:-)
>auth       sufficient   /lib/security/pam_wheel.so trust bug-workaround
>auth       required     /lib/security/pam_pwdb.so shadow nullok
>account    required     /lib/security/pam_pwdb.so
>password   required     /lib/security/pam_cracklib.so
>password   required     /lib/security/pam_pwdb.so shadow use_authtok nullok
>session    required     /lib/security/pam_pwdb.so

Everything is working fine for me.  With the "trust" argument and without
the "bug-workaround" argument, I am not required to enter a password to
su to root.

----- begin /etc/pam.d/su -----
auth       sufficient	/lib/security/pam_wheel.so trust
auth       required	/lib/security/pam_pwdb.so shadow nullok
account    required	/lib/security/pam_pwdb.so
password   required	/lib/security/pam_cracklib.so
password   required	/lib/security/pam_pwdb.so shadow use_authtok nullok
session    required	/lib/security/pam_pwdb.so
----- end /etc/pam.d/su -----

$ rpm -q redhat-release pam sh-utils

(su is in sh-utils)

The user you're su-ing from *is* in the root *group* (in /etc/group),
right???  Remember, you have to log out and log in again after adding a
user to a group.

    Steve Coile
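
An added example, not part of the original message or of PAM itself: a small audit that reads a su PAM stack like the ones quoted above and reports which accounts get root without a password through a `sufficient ... pam_wheel.so trust` line, plus any options pam_wheel does not recognise (such as `bug-workaround`). The sample group and passwd data are constructed; the list of known options and the fallback from group "wheel" to the gid 0 group are assumptions taken from the Linux-PAM pam_wheel documentation.

```python
# Added example: who can su without a password through pam_wheel "trust"?
# All sample data is constructed. Option names and the wheel -> gid 0 fallback
# are taken from the Linux-PAM pam_wheel documentation (an assumption here).
KNOWN_OPTS = {"debug", "deny", "root_only", "trust", "use_uid"}  # plus group=NAME

SAMPLE_PAM = """\
auth       sufficient   /lib/security/pam_wheel.so trust bug-workaround
auth       required     /lib/security/pam_pwdb.so shadow nullok
account    required     /lib/security/pam_pwdb.so
"""
SAMPLE_GROUP = "root:x:0:alanr\nbin:x:1:root,bin,daemon\nusers:x:100:steve\n"
SAMPLE_PASSWD = "root:x:0:0:root:/root:/bin/bash\nalanr:x:500:100::/home/alanr:/bin/bash\n"

def wheel_rules(pam_text):
    """Yield (control, options) for each auth line that loads pam_wheel.so."""
    for line in pam_text.splitlines():
        f = line.split("#", 1)[0].split()
        if len(f) >= 3 and f[0] == "auth" and f[2].endswith("pam_wheel.so"):
            yield f[1], f[3:]

def resolve_group(group_text, name):
    """Return (gid, members) for group=NAME, or for wheel / gid 0 when name is None."""
    rows = [l.split(":") for l in group_text.splitlines() if l.count(":") >= 3]
    table = [(r[0], int(r[2]), {m for m in r[3].split(",") if m}) for r in rows]
    for gname, gid, members in table:
        if gname == (name or "wheel"):
            return gid, members
    if name is None:  # no group= option: fall back to the gid 0 group
        return next(((g, m) for _, g, m in table if g == 0), None)
    return None

def audit(pam_text, group_text, passwd_text):
    """Return (sorted users trusted for su, unrecognised pam_wheel options)."""
    trusted, unknown = set(), []
    for control, opts in wheel_rules(pam_text):
        unknown += [o for o in opts if o not in KNOWN_OPTS and not o.startswith("group=")]
        if control != "sufficient" or "trust" not in opts or "deny" in opts:
            continue  # only a plain "sufficient ... trust" line skips the password
        name = next((o.split("=", 1)[1] for o in opts if o.startswith("group=")), None)
        group = resolve_group(group_text, name)
        if group:
            gid, members = group
            pw = [p.split(":") for p in passwd_text.splitlines() if p.count(":") >= 3]
            trusted |= members | {p[0] for p in pw if int(p[3]) == gid}
    return sorted(trusted), unknown

if __name__ == "__main__":
    print(audit(SAMPLE_PAM, SAMPLE_GROUP, SAMPLE_PASSWD))
```

Membership is counted both from the member list in the group file and from each account's primary gid, so an account can be trusted without appearing in the group's member list.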
