pam_wheel

Hey all,

I have users that need root access to their workstations.  Reading the pam
documentation for the pam_wheel module it sounds like I can allow them to
'su -' without entering a password.  This is ideal because I don't want to
give them that root password, i'd rather keep that to myself.  Problem is,
it doesn't work.  I'm using red hat 7.2.  Here is the contents of
/etc/pam.d/su:

#%PAM-1.0
auth       sufficient   /lib/security/pam_rootok.so
# Uncomment the following line to implicitly trust users in the "wheel" group.
auth       sufficient   /lib/security/pam_wheel.so trust use_uid
# Uncomment the following line to require a user to be in the "wheel" group.
#auth       required     /lib/security/pam_wheel.so use_uid
auth       required     /lib/security/pam_stack.so service=system-auth
account    required     /lib/security/pam_stack.so service=system-auth
password   required     /lib/security/pam_stack.so service=system-auth
session    required     /lib/security/pam_stack.so service=system-auth
session    optional     /lib/security/pam_xauth.so

Here is output from the id command as a user:

uid=976(jabagley) gid=100(users) groups=100(users),0(root),98(ident)

when 'su -' is entered, i am prompted for a password.  Did I
missunderstand the pam documentation?  what is wrong?

thanks,

--
James Bagley                    |           CDI Innovantage
james_bagley@xxxxxxxxxxxxxxx    | Technical Computing UNIX Admin Support
   DON'T PANIC                  |       Agilent Technologies IT
Phone: (541) 738-3340           |          Corvallis, Oregon
--