OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Swanson, Bryan (bswansunf.edu)
Date: Fri Jan 04 2002 - 12:19:43 CST

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    we use unpackaged Linux-PAM-0.75 and haven't seen that particular
    problem...here's what our /etc/pam.d/su looks like:

    #%PAM-1.0
    #[For version 1.0 syntax, the above header is optional]
    #
    # The PAM configuration file for the `su' service
    #
    auth requisite pam_wheel.so debug
    auth sufficient pam_rootok.so
    auth [success=done auth_err=ignore] pam_unix.so
    auth sufficient pam_krb5.so no_ccache
    use_first_pass
    auth optional pam_warn.so
    auth required pam_deny.so

    account required pam_unix.so

    session required pam_unix.so

    note the use of pam_rootok to prevent root from having to supply
    a user's password ... also non-wheel members can't su to uid 0

    -b

    > -----Original Message-----
    > From: Andreas Hasenack [mailto:andreasconectiva.com.br]
    > Sent: Friday, January 04, 2002 12:46 PM
    > To: pam-listredhat.com
    > Subject: Follow-up Re: su: user->root ok, user1->user2 ok, root->user
    > NOK
    >
    >
    > Em Fri, Jan 04, 2002 at 02:02:39PM -0200, Andreas Hasenack escreveu:
    > > Hi, I'm having a trouble with su and pam-0.75 (with absolutely
    > > no patches, just the original tarball).
    > >
    > > As a regular user, I can su to root as usual, just giving
    > > root's password. I can also su from a regular user to another
    > > one without problems.
    > >
    > > BUT, as root, I cannot su at all, getting this prmission
    > denied error:
    >
    > Well, I took a look at redhat's pam package and found 50
    > (fifty) patches to
    > the original Linux-PAM-0.75.tar.gz, around 360Kb of patches.
    >
    > I applied all of them and it started working. So, is this a
    > bug in linux-pam?
    > Is there a 0.76 release around the corner? Hmm, I tried the
    > CVS version and
    > it also didn't work, so the right patch (one or more among
    > those 50) isn't
    > in CVS.
    >
    > Is someone else using "pristine" linux-pam out there? Are you
    > having this
    > su problem too?
    >
    >
    >
    > _______________________________________________
    > Pam-list mailing list
    > Pam-listredhat.com
    > https://listman.redhat.com/mailman/listinfo/pam-list
    >

    _______________________________________________
    Pam-list mailing list
    Pam-listredhat.com
    https://listman.redhat.com/mailman/listinfo/pam-list