Thor Lancelot Simon <tls@rek.tjls.com> wrote:

> > Switching su to PAM kills the -K option. We have 3 choices:=20
> It messes up the more commonplace -l, too, doesn't it?

No, a lot of environement and persmission code has to be kept around in
su just to support -m and -l. Most of the semantics of those two flags
are preserved. I just have one concern with using -l along with -c
loginclass, but Christos might have fixed it already, I have to read the
sources.

Today's problem is su -K. We'll see other issues later.=20
=20
> I use -K or -l when I need to be root _quickly_ during Kerberos
> failures (less common than it used to be since I don't hack on
> Kerberos itself any more, but I used to have to do it quite a
> bit).  I would be annoyed if they disappeared.

Do you have any preference between the two other proposals? (PAM API
extension just for su -K or the su_nokerberos service) =20

--=20
Emmanuel Dreyfus
Un bouquin en fran=E7ais sur BSD:
http://www.eyrolles.com/Informatique/Livre/9782212114638/livre-bsd.php
manu@netbsd.org