pan_krb5 not being called by su - root?

Russ Allbery eagle at eyrie.org
Thu Mar 27 13:50:37 EDT 2014


Wendy Lin <wendlin1974 at gmail.com> writes:

> Where is the pam config which controls whether pam_krb5 is not called
> for user root?

On Debian and Ubuntu, it's this part at the top of /etc/pam.d/su:

# This allows root to su without passwords (normal operation)
auth       sufficient pam_rootok.so

I'm not sure on Red Hat, but there's probably something similar.
"sufficient" in PAM configuration means "return success immediately
without running the rest of the stack."

-- 
Russ Allbery (eagle at eyrie.org)              <http://www.eyrie.org/~eagle/>


More information about the Kerberos mailing list