Subject: Re: pam+ldap
To: Christos Zoulas <christos@tac.gw.com>
From: Thierry Lacoste <th.lacoste@wanadoo.fr>
List: netbsd-help
Date: 05/29/2005 21:08:17
On Sunday 29 May 2005 19:54, Christos Zoulas wrote:
> In article <200505291327.22871.th.lacoste@wanadoo.fr>,
>
> Thierry Lacoste  <th.lacoste@wanadoo.fr> wrote:
> >$ cat /etc/pam.d/su
> ># $NetBSD: su,v 1.6 2005/04/05 18:23:36 christos Exp $
> >#
> ># PAM configuration for the "su" service
> >#
> >
> ># auth
> >auth            sufficient      pam_rootok.so           no_warn
> >auth            sufficient      pam_self.so             no_warn
> >auth            sufficient      pam_ksu.so              no_warn try_first_pass
> >#auth           sufficient      pam_group.so            no_warn group=rootauth root_only authenticate
> >auth            requisite       pam_group.so            no_warn group=wheel
>
> The requisite line fails because guest is not in wheel and thus your
> ldap entry does not get executed.
>
> christos
Er ... I don't understand. I am root when I do 'su - guest'.
The target of the su doesn't have to be in the wheel group ...
... correct?

Thierry.
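
An added example, not part of the original thread: a simplified Python model of how PAM control flags decide which modules in a stack like the quoted one are run. The `pam_ldap.so` entry, its position after the `requisite` line, and the per-module results passed in are assumptions made for illustration, not values taken from the poster's system.

```python
"""Simplified model of PAM control-flag evaluation (auth chain only)."""

# Constructed stack: the first four entries follow the quoted /etc/pam.d/su.
# The pam_ldap.so line and its position are hypothetical.
STACK = [
    ("sufficient", "pam_rootok.so"),
    ("sufficient", "pam_self.so"),
    ("sufficient", "pam_ksu.so"),
    ("requisite",  "pam_group.so"),
    ("sufficient", "pam_ldap.so"),   # hypothetical entry
]


def run_stack(stack, results):
    """Walk the stack top to bottom.

    results maps module name -> True (success) / False (failure); modules
    not listed are treated as failing. Returns (authenticated, executed),
    where executed is the list of modules that were actually called.
    """
    executed = []
    required_failed = False
    for flag, module in stack:
        executed.append(module)
        if results.get(module, False):
            # A successful "sufficient" module ends the chain at once,
            # unless an earlier "required" module has already failed.
            if flag == "sufficient" and not required_failed:
                return True, executed
            continue
        if flag == "required":
            required_failed = True       # remember the failure, keep going
        elif flag == "requisite":
            return False, executed       # abort: later modules never run
        # A failed "sufficient" module is ignored.
    return not required_failed, executed


if __name__ == "__main__":
    cases = {
        "requisite fails": {"pam_ldap.so": True},
        "requisite passes": {"pam_group.so": True, "pam_ldap.so": True},
        "first sufficient passes": {"pam_rootok.so": True},
    }
    for name, results in cases.items():
        ok, executed = run_stack(STACK, results)
        print(f"{name}: authenticated={ok}, executed={executed}")
```

Tracing the executed list for a given set of module results shows whether a module lower in the file is ever reached, which is the first thing to establish when an entry appears to be ignored.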