pan_krb5 not being called by su - root?
Russ Allbery
eagle at eyrie.org
Thu Mar 27 13:50:37 EDT 2014
Wendy Lin <wendlin1974 at gmail.com> writes:
> Where is the pam config which controls whether pam_krb5 is not called
> for user root?
On Debian and Ubuntu, it's this part at the top of /etc/pam.d/su:
# This allows root to su without passwords (normal operation)
auth sufficient pam_rootok.so
I'm not sure on Red Hat, but there's probably something similar.
"sufficient" in PAM configuration means "return success immediately
without running the rest of the stack."
--
Russ Allbery (eagle at eyrie.org) <http://www.eyrie.org/~eagle/>
More information about the Kerberos
mailing list