[35935] in Kerberos
Re: pan_krb5 not being called by su - root?
daemon@ATHENA.MIT.EDU (Wendy Lin)
Thu Mar 27 13:46:51 2014
MIME-Version: 1.0
In-Reply-To: <874n2jpmpo.fsf@windlord.stanford.edu>
Date: Thu, 27 Mar 2014 18:46:31 +0100
Message-ID: <CA+j=ERpGBfgBXVLKu72CXL4xeqyoQ4=eFE+gX1ncgTG7myE3Hg@mail.gmail.com>
From: Wendy Lin <wendlin1974@gmail.com>
To: Russ Allbery <eagle@eyrie.org>
Cc: "<kerberos@mit.edu>" <kerberos@mit.edu>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
On 27 March 2014 18:37, Russ Allbery <eagle@eyrie.org> wrote:
> Wendy Lin <wendlin1974@gmail.com> writes:
>
>> Does anyone have a good idea why pam_krb5 does not appear to be called
>> for su - root while exec login root calls pam_krb5?
>
> Check /etc/pam.d/su and see if su has special rules that cause it to
> bypass your regular PAM configuration. Sometimes it does.
>
> Also, note that su's PAM configuration generally bypasses the rest of the
> PAM authentication stack if run as root, so it's normal to not see PAM
> auth stack invocations unless you're running that command as a regular
> user.
Where is the pam config which controls whether pam_krb5 is not called
for user root?
Wendy
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
