we use unpackaged Linux-PAM-0.75 and haven't seen that particular problem...here's what our /etc/pam.d/su looks like: #%PAM-1.0 #[For version 1.0 syntax, the above header is optional] # # The PAM configuration file for the `su' service # auth requisite pam_wheel.so debug auth sufficient pam_rootok.so auth [success=done auth_err=ignore] pam_unix.so auth sufficient pam_krb5.so no_ccache use_first_pass auth optional pam_warn.so auth required pam_deny.so account required pam_unix.so session required pam_unix.so note the use of pam_rootok to prevent root from having to supply a user's password ... also non-wheel members can't su to uid 0 -b > -----Original Message----- > From: Andreas Hasenack [mailto:andreas@conectiva.com.br] > Sent: Friday, January 04, 2002 12:46 PM > To: pam-list@redhat.com > Subject: Follow-up Re: su: user->root ok, user1->user2 ok, root->user > NOK > > > Em Fri, Jan 04, 2002 at 02:02:39PM -0200, Andreas Hasenack escreveu: > > Hi, I'm having a trouble with su and pam-0.75 (with absolutely > > no patches, just the original tarball). > > > > As a regular user, I can su to root as usual, just giving > > root's password. I can also su from a regular user to another > > one without problems. > > > > BUT, as root, I cannot su at all, getting this prmission > denied error: > > Well, I took a look at redhat's pam package and found 50 > (fifty) patches to > the original Linux-PAM-0.75.tar.gz, around 360Kb of patches. > > I applied all of them and it started working. So, is this a > bug in linux-pam? > Is there a 0.76 release around the corner? Hmm, I tried the > CVS version and > it also didn't work, so the right patch (one or more among > those 50) isn't > in CVS. > > Is someone else using "pristine" linux-pam out there? Are you > having this > su problem too? > > > > _______________________________________________ > > Pam-list@redhat.com > https://listman.redhat.com/mailman/listinfo/pam-list >
