[35936] in Kerberos
Re: pan_krb5 not being called by su - root?
daemon@ATHENA.MIT.EDU (Russ Allbery)
Thu Mar 27 13:50:54 2014
From: Russ Allbery <eagle@eyrie.org>
To: Wendy Lin <wendlin1974@gmail.com>
In-Reply-To: <CA+j=ERpGBfgBXVLKu72CXL4xeqyoQ4=eFE+gX1ncgTG7myE3Hg@mail.gmail.com>
(Wendy Lin's message of "Thu, 27 Mar 2014 18:46:31 +0100")
Date: Thu, 27 Mar 2014 10:50:37 -0700
Message-ID: <87vbuzo7iq.fsf@windlord.stanford.edu>
MIME-Version: 1.0
Cc: "<kerberos@mit.edu>" <kerberos@mit.edu>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
Wendy Lin <wendlin1974@gmail.com> writes:
> Where is the pam config which controls whether pam_krb5 is not called
> for user root?
On Debian and Ubuntu, it's this part at the top of /etc/pam.d/su:
# This allows root to su without passwords (normal operation)
auth sufficient pam_rootok.so
I'm not sure on Red Hat, but there's probably something similar.
"sufficient" in PAM configuration means "return success immediately
without running the rest of the stack."
--
Russ Allbery (eagle@eyrie.org) <http://www.eyrie.org/~eagle/>
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
