On Mar 1,  9:57am, tih@eunetnorge.no (Tom Ivar Helbekkmo) wrote:
-- Subject: Re: PAM enabled on head

| christos@zoulas.com (Christos Zoulas) writes:
| 
| > Everything should work as expected, but if it does not, there is always
| > send-pr.
| 
| Before I do that, could I have a sanity check from people on
| something?  I use Kerberos 5, and have a /root/.k5login that specifies
| who is allowed to access each system's root account.  Using lines of
| the form "myuser/root@MY.REALM" here, I expect su to check that the
| user invoking su is listed in the file, and ask for the Kerberos
| password of the myuser/root instance listed.
| 
| With a fresh -current, su doesn't do this check, but just asks for the
| Kerberos password of "root@MY.REALM", which doesn't even exist.

There is PR29553 for that already, and elric is looking at it.

Thanks,

christos