christos@zoulas.com (Christos Zoulas) writes:

> Everything should work as expected, but if it does not, there is always
> send-pr.

Before I do that, could I have a sanity check from people on
something?  I use Kerberos 5, and have a /root/.k5login that specifies
who is allowed to access each system's root account.  Using lines of
the form "myuser/root@MY.REALM" here, I expect su to check that the
user invoking su is listed in the file, and ask for the Kerberos
password of the myuser/root instance listed.

With a fresh -current, su doesn't do this check, but just asks for the
Kerberos password of "root@MY.REALM", which doesn't even exist.

-tih
-- 
Don't ascribe to stupidity what can be adequately explained by ignorance.