Hi Lia, <snip> >> >I have used PAM to disallow ssh or su -> root. This is why I think it >may be PAM related. > >Thanks, >Lia Disallowing su to root sounds a little bit backwards. For security, I've chosen a different path. Emptied /etc/securetty and made the admin user a member of the wheel goup. Edited /pam.d/su so only a member of the wheel group can su root, and that user is trusted implicitly. Now there are no root logins (either remote or on console) and there is no need for anyone who might ever need root access to know the root password. This is all just SOP for security. _______________________________________________ Pam-list@redhat.com https://listman.redhat.com/mailman/listinfo/pam-list
