[35933] in Kerberos
Re: pan_krb5 not being called by su - root?
daemon@ATHENA.MIT.EDU (Russ Allbery)
Thu Mar 27 13:37:24 2014
From: Russ Allbery <eagle@eyrie.org>
To: "\<kerberos\@mit.edu\>" <kerberos@mit.edu>
In-Reply-To: <CA+j=ERq5yByyF8fLQM0CUNCGe_dDrNPcO2xO_DxV2y_UmX=eTg@mail.gmail.com>
(Wendy Lin's message of "Thu, 27 Mar 2014 18:22:10 +0100")
Date: Thu, 27 Mar 2014 10:37:07 -0700
Message-ID: <874n2jpmpo.fsf@windlord.stanford.edu>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Wendy Lin <wendlin1974@gmail.com> writes:
> Does anyone have a good idea why pam_krb5 does not appear to be called
> for su - root while exec login root calls pam_krb5?
Check /etc/pam.d/su and see if su has special rules that cause it to
bypass your regular PAM configuration. Sometimes it does.
Also, note that su's PAM configuration generally bypasses the rest of the
PAM authentication stack if run as root, so it's normal to not see PAM
auth stack invocations unless you're running that command as a regular
user.
--
Russ Allbery (eagle@eyrie.org) <http://www.eyrie.org/~eagle/>
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
