Subject: Re: PAM and su -K
To: Roland Dowdeswell <elric@imrryr.org>
From: Charles M. Hannum <abuse@spamalicious.com>
List: tech-userlevel
Date: 01/16/2005 19:16:00
On Sunday 16 January 2005 18:55, Roland Dowdeswell wrote:
> On 1105899721 seconds since the Beginning of the UNIX epoch
>
> Emmanuel Dreyfus wrote:
> >No, because offering theses will cause us problems with PAM. We already
> >have enough with -K which is already there.
> >
> >Why was su -K introduced, BTW?
>
> Presumably because if the KDC are unavailable it will take a long
> time for the libraries to time out and try local passwords.  It is
> less necessary for things like Hesiod/NIS because you can organise
> /etc/nsswitch.conf to search files first for critical accounts.
>
> Something along those lines might work with PAM.

Perhaps it should be replaced with "-L", a la passwd(1).