1 |
I understand the value of pam in general--just not |
2 |
for this specific task. |
3 |
|
4 |
root:ALL EXCEPT GROUP wheel:DENY in /etc/suauth |
5 |
would effectivly emulate the current pam |
6 |
restriction in what I would consider to be a |
7 |
clearer manner. |
8 |
|
9 |
Personally, when I noticed su was restricted for |
10 |
users, the first place I looked was /etc/suauth, |
11 |
the second /etc/login.defs and only in the end |
12 |
at /etc/pam.d/ |
13 |
|
14 |
|
15 |
On Tue 09 Apr 2002 at 11:12 -0500, |
16 |
Scott Moynes wrote: |
17 |
|
18 |
> * mrfab@×××.net (mrfab@×××.net) wrote: |
19 |
> > This has probably been discussed before, but what |
20 |
> > is the advantage of using pam to restrict su |
21 |
> > instead of /etc/suauth. /etc/suauth offers a lot |
22 |
> > of flexibilty and seems like a more natural place |
23 |
> > to look than /etc/pam.d or /etc/login.defs when |
24 |
> > working with su. |
25 |
> |
26 |
> suauth only allows users to use su without knowing other passwords; |
27 |
> they must only enter their own, or no pass. pam allows other access |
28 |
> methods, such as authenticating against a database. |
29 |
> |
30 |
> -- |
31 |
> Scott Moynes |
32 |
> "Anyone who considers arithmetical methods of producing random numbers |
33 |
> is, of course, in a state of sin." -- John Von Neumann |
34 |
|
35 |
|
36 |
-- |
37 |
- Scott J Garner - |
38 |
- Austin, TX - USA - |
39 |
- ICQ: 17348307 AIM: Jungalero - |
40 |
- OPN: MrFab - |