In message <200509030142.j831gFMB004060@vtn1.victoria.tc.ca>, John Nemeth write
s:
>On Jan 23,  3:12pm, Peter Seebach wrote:
>}
>} $ su
>} su: pam_start failed
>} 
>} Well, that's awfully nice.  Such a detailed message!  And it makes it so easy
>} to fix the problem, too!
>
>     Is there anything logged?  What are the permissions on su?  What
>is in /etc/pam.d?
>
>     BTW, since this is a security issue, messages to users shouldn't
>be overly detailed; the logs are where the details should be.

Yup.  Turns out that I didn't run all the postinstall stuff, and pam.d was
empty.  *sigh*.  Better than it was last time.

I would prefer if the fallback for lack of PAM configuration were "just act
like a traditional UNIX box".

And remember, an NFS filesystem mounted without nosuid can save your life.

-s