logo       
<prev   next>

RE: pam_wheel: msg#00010

linux.pam

Subject: RE: pam_wheel

pam_wheel defaults to checking for "wheel" group membership
not "root" group...you can also specify a different group name, i
believe the module argument is "group=" ...

-b

> -----Original Message-----
> From: James Bagley Jr [mailto:jabagley@xxxxxxxxxxxxxxx]
> Sent: Thursday, March 28, 2002 2:01 PM
> To: pam-list@xxxxxxxxxx
> Subject: pam_wheel
>
>
> Hey all,
>
> I have users that need root access to their workstations.
> Reading the pam
> documentation for the pam_wheel module it sounds like I can
> allow them to
> 'su -' without entering a password. This is ideal because I
> don't want to
> give them that root password, i'd rather keep that to myself.
> Problem is,
> it doesn't work. I'm using red hat 7.2. Here is the contents of
> /etc/pam.d/su:
>
> #%PAM-1.0
> auth sufficient /lib/security/pam_rootok.so
> # Uncomment the following line to implicitly trust users in
> the "wheel" group.
> auth sufficient /lib/security/pam_wheel.so trust use_uid
> # Uncomment the following line to require a user to be in the
> "wheel" group.
> #auth required /lib/security/pam_wheel.so use_uid
> auth required /lib/security/pam_stack.so service=system-auth
> account required /lib/security/pam_stack.so service=system-auth
> password required /lib/security/pam_stack.so service=system-auth
> session required /lib/security/pam_stack.so service=system-auth
> session optional /lib/security/pam_xauth.so
>
> Here is output from the id command as a user:
>
> uid=976(jabagley) gid=100(users) groups=100(users),0(root),98(ident)
>
> when 'su -' is entered, i am prompted for a password. Did I
> missunderstand the pam documentation? what is wrong?
>
> thanks,
>
> --
> James Bagley | CDI Innovantage
> james_bagley@xxxxxxxxxxxxxxx | Technical Computing UNIX Admin Support
> DON'T PANIC | Agilent Technologies IT
> Phone: (541) 738-3340 | Corvallis, Oregon
> --
>
>
>
> _______________________________________________
> Pam-list mailing list
> Pam-list@xxxxxxxxxx
> https://listman.redhat.com/mailman/listinfo/pam-list
>


<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: pam_wheel: 00010, Ivan Popov
Next by Date:  Remote Console Login: 00010, Darwin Airola
Previous by Thread:  Re: pam_wheeli: 00010, Ethan Benson
Next by Thread:  RE: pam_wheel: 00010, James Bagley Jr
Indexes:  [Date] [Thread] [Top] [All Lists]

Google Custom Search
News | FAQ | advertise