| 1 |
I understand the value of pam in general--just not |
| 2 |
for this specific task. |
| 3 |
|
| 4 |
root:ALL EXCEPT GROUP wheel:DENY in /etc/suauth |
| 5 |
would effectivly emulate the current pam |
| 6 |
restriction in what I would consider to be a |
| 7 |
clearer manner. |
| 8 |
|
| 9 |
Personally, when I noticed su was restricted for |
| 10 |
users, the first place I looked was /etc/suauth, |
| 11 |
the second /etc/login.defs and only in the end |
| 12 |
at /etc/pam.d/ |
| 13 |
|
| 14 |
|
| 15 |
On Tue 09 Apr 2002 at 11:12 -0500, |
| 16 |
Scott Moynes wrote: |
| 17 |
|
| 18 |
> * mrfab@×××.net (mrfab@×××.net) wrote: |
| 19 |
> > This has probably been discussed before, but what |
| 20 |
> > is the advantage of using pam to restrict su |
| 21 |
> > instead of /etc/suauth. /etc/suauth offers a lot |
| 22 |
> > of flexibilty and seems like a more natural place |
| 23 |
> > to look than /etc/pam.d or /etc/login.defs when |
| 24 |
> > working with su. |
| 25 |
> |
| 26 |
> suauth only allows users to use su without knowing other passwords; |
| 27 |
> they must only enter their own, or no pass. pam allows other access |
| 28 |
> methods, such as authenticating against a database. |
| 29 |
> |
| 30 |
> -- |
| 31 |
> Scott Moynes |
| 32 |
> "Anyone who considers arithmetical methods of producing random numbers |
| 33 |
> is, of course, in a state of sin." -- John Von Neumann |
| 34 |
|
| 35 |
|
| 36 |
-- |
| 37 |
- Scott J Garner - |
| 38 |
- Austin, TX - USA - |
| 39 |
- ICQ: 17348307 AIM: Jungalero - |
| 40 |
- OPN: MrFab - |
Archives