[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

PAM configuration



Hi everybody,

my su command shows some odd behaviour and I have no idea what the
reason could be.

Invoking su as user fails:
$ su
Password:
su: User account has expired
Sorry.
$

Invoking su from root works but also behaves strange:
# su <user>
su: User account has expired
(ignored)
$

The configuration is
$ cat /etc/pam.d/su
auth		sufficient	pam_rootok.so
auth		required	pam_unix.so
$ cat /etc/pam.d/other
#
# default configuration: /etc/pam.d/other
#
auth     required       /usr/lib/security/pam_warn.so
auth     required       /usr/lib/security/pam_deny.so
account  required       /usr/lib/security/pam_deny.so
password required       /usr/lib/security/pam_warn.so
password required       /usr/lib/security/pam_deny.so
session  required       /usr/lib/security/pam_deny.so
$

su is from shadow-19990827.
PAM is Linux-PAM-0.71.

The message telling me that the acount had expired supposedly comes
from `pam_deny'. But why has this module been loaded anyway? The
`others' configuration should be loaded only if the configuration
fails/doesn't exist.

Renaming `other' temporarily leads to the message
su: Permission denied

instead. This message is again ignored (see above) when changing from
root to a different user.

Any ideas out there?

Thanks a lot,
       Marcus
-- 
	  Some operating systems are called `user friendly',
		  UNIX however is `expert friendly'.

    Marcus Harnisch <mailto:marcus@harnisch.isdn.cs.tu-berlin.de>



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []