On Jun 8,  8:31am, Roland Dowdeswell wrote:
} On 1105899721 seconds since the Beginning of the UNIX epoch
} Emmanuel Dreyfus wrote:
} 
} >No, because offering theses will cause us problems with PAM. We already
} >have enough with -K which is already there.
} >
} >Why was su -K introduced, BTW?
} 
} Presumably because if the KDC are unavailable it will take a long
} time for the libraries to time out and try local passwords.  It is
} less necessary for things like Hesiod/NIS because you can organise
} /etc/nsswitch.conf to search files first for critical accounts.
} 
} Something along those lines might work with PAM.

     The order the authentication methods are tried is completely up to
the system administrator.  PAM will try the methods in the order that
they appear in the configuration file.  If you flag a method with
"sufficient" then PAM will stop and grant the user access if the method
in question says that the user is valid.

}-- End of excerpt from Roland Dowdeswell