Hey all,
I have users that need root access to their workstations. Reading the pam
documentation for the pam_wheel module it sounds like I can allow them to
'su -' without entering a password. This is ideal because I don't want to
give them that root password, I'd rather keep that to myself. Problem is,
it doesn't work. I'm using Red Hat 7.2. Here are the contents of
/etc/pam.d/su:

#%PAM-1.0
auth sufficient /lib/security/pam_rootok.so
# Uncomment the following line to implicitly trust users in the "wheel" group.
auth sufficient /lib/security/pam_wheel.so trust use_uid
# Uncomment the following line to require a user to be in the "wheel" group.
#auth required /lib/security/pam_wheel.so use_uid
auth required /lib/security/pam_stack.so service=system-auth
account required /lib/security/pam_stack.so service=system-auth
password required /lib/security/pam_stack.so service=system-auth
session required /lib/security/pam_stack.so service=system-auth
session optional /lib/security/pam_xauth.so

Here is output from the id command as a user:

uid=976(jabagley) gid=100(users) groups=100(users),0(root),98(ident)

When 'su -' is entered, I am prompted for a password. Did I
misunderstand the pam documentation? What is wrong?

Thanks,
--
James Bagley | CDI Innovantage
james_bagley@xxxxxxxxxxxxxxx | Technical Computing UNIX Admin Support
DON'T PANIC | Agilent Technologies IT
Phone: (541) 738-3340 | Corvallis, Oregon
--
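
A way to check a setup like the one in this post, as an added example that is not part of the original message: it parses the su stack and the `id` output quoted above and reports whether an active `sufficient ... pam_wheel.so trust` line would match the user. It assumes the group-selection rule from the current Linux-PAM pam_wheel(8) man page (`group=NAME` if given, otherwise `wheel`, otherwise GID 0 when no wheel group exists); whether Red Hat 7.2's module behaves the same is an assumption, and the function names are hypothetical.

```python
# Constructed input: auth lines and `id` output copied from the post above.
SU_PAM = """\
#%PAM-1.0
auth sufficient /lib/security/pam_rootok.so
auth sufficient /lib/security/pam_wheel.so trust use_uid
#auth required /lib/security/pam_wheel.so use_uid
auth required /lib/security/pam_stack.so service=system-auth
"""
ID_OUTPUT = "uid=976(jabagley) gid=100(users) groups=100(users),0(root),98(ident)"


def parse_id(line):
    """Return {group_name: gid} from one line of `id` output."""
    fields = dict(f.split("=", 1) for f in line.split())
    groups = {}
    for entry in fields["groups"].split(","):
        gid, name = entry.rstrip(")").split("(", 1)
        groups[name] = int(gid)
    return groups


def wheel_trust_lines(pam_text):
    """Yield (control, options) for active auth lines loading pam_wheel with 'trust'."""
    for raw in pam_text.splitlines():
        parts = raw.split()
        if len(parts) < 3 or parts[0] != "auth":  # skips comments and other types
            continue
        control, module, opts = parts[1], parts[2], parts[3:]
        if module.endswith("pam_wheel.so") and "trust" in opts:
            yield control, opts


def passwordless_su(pam_text, user_groups, system_has_wheel):
    """True if a 'sufficient pam_wheel.so trust' line would succeed for this user.
    Assumed rule (pam_wheel(8)): group=NAME if given, else 'wheel', else GID 0 when
    no wheel group exists. Ignores root_only and earlier 'required' failures."""
    for control, opts in wheel_trust_lines(pam_text):
        if control != "sufficient" or "deny" in opts:
            continue
        named = [o.split("=", 1)[1] for o in opts if o.startswith("group=")]
        if named:
            member = named[0] in user_groups
        elif system_has_wheel:
            member = "wheel" in user_groups
        else:
            member = 0 in user_groups.values()
        if member:
            return True
    return False
```

A `True` result means every member of the matched group can become root through su without entering any password, so the membership of that group is worth reviewing alongside the PAM file.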
Thread at a glance:
Previous Message by Date:
Re: Pam-list digest, Vol 1 #487 - 4 msgs
> It's all documented in Apache Doc. You need to use the following line in
> your .htaccess file so that passwords distinct from the system
> database work:
>
> AuthPAM_Enabled Off
>
>
> Otherwise regular system accounts are used.
Does Apache2 switch back to uid 0 to read /etc/shadow ?? Just wondering.
Igmar
Next Message by Date:
Re: pam_wheel
James Bagley Jr wrote:
> Hey all,
> I have users that need root access to their workstations. Reading the pam
> documentation for the pam_wheel module it sounds like I can allow them to
> 'su -' without entering a password. This is ideal because I don't want to
> give them that root password, I'd rather keep that to myself.

Why not use sudo? We use that so that we can log in as root with our own
password, and not know the root password. You can also sudo with no
password, but it is a bigger security hole.
Forrest
Previous Message by Thread:
Re: Pam-list digest, Vol 1 #487 - 4 msgs
Hello,
I think you need to look at the htpasswd program's man page. The
passwords are not stored in /etc/password.
I have an Apache2 configuration which does htaccess based authentication.
It's all documented in Apache Doc. You need to use the following line in
your .htaccess file so that passwords distinct from the system
database work:
AuthPAM_Enabled Off
Otherwise regular system accounts are used.
Sincerely,
Klaus
--
Klaus Steinberger Beschleunigerlabor der TU und LMU Muenchen
Phone: (+49 89)289 14287 Hochschulgelaende, D-85748 Garching, Germany
FAX: (+49 89)289 14280 EMail:
Klaus.Steinberger@xxxxxxxxxxxxxxxxxxxxxx
URL: http://www.physik.uni-muenchen.de/~k2/
In a world without fences and walls, who needs Windows and Gates?