[35937] in Kerberos
Re: pan_krb5 not being called by su - root?
daemon@ATHENA.MIT.EDU (Wendy Lin)
Thu Mar 27 14:03:27 2014
MIME-Version: 1.0
In-Reply-To: <87vbuzo7iq.fsf@windlord.stanford.edu>
Date: Thu, 27 Mar 2014 19:03:14 +0100
Message-ID: <CA+j=ERpdt_EvB+k1NCo6-LjXrq2qZkLPgvPdDftF67dv3tjCXA@mail.gmail.com>
From: Wendy Lin <wendlin1974@gmail.com>
To: Russ Allbery <eagle@eyrie.org>
Cc: "<kerberos@mit.edu>" <kerberos@mit.edu>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
On 27 March 2014 18:50, Russ Allbery <eagle@eyrie.org> wrote:
> Wendy Lin <wendlin1974@gmail.com> writes:
>
>> Where is the pam config which controls whether pam_krb5 is not called
>> for user root?
>
> On Debian and Ubuntu, it's this part at the top of /etc/pam.d/su:
>
> # This allows root to su without passwords (normal operation)
> auth sufficient pam_rootok.so
No No. I was asking for s su - root, for a plain, normal user. In that
case pam_krb5 is not called, or does not fill in any tickets. But a
kinit afterwards as user root does fill in the tickets
Wendy
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
