Bug 113825

Summary: RFE: /etc/pam.d/su should use pam_timestamp
Product: Red Hat Enterprise Linux 3 Reporter: Mike MacCana <mmaccana>
Component: coreutilsAssignee: Tim Waugh <twaugh>
Status: CLOSED WONTFIX QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: 3.0CC: nalin
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2004-12-10 16:34:01 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Mike MacCana 2004-01-19 00:35:18 UTC 
Description of problem: 
pam_timestamp, which (I believe) is used by the redhat-config tools 
to remember that a user has recently entered a particular set of 
credentials, is a really nifty tool and saves users a lot of time. It 
would be quite useful if the 'su' tool was also capable of 
remembering these credentials, saving users from the hassle of typing 
the password for the user they're switching to every time they wish 
to run su in a shell. 
 
Version-Release number of selected component (if applicable): 
 
 
How reproducible: 
Always 
 
Steps to Reproduce: 
1.Use the redhat-config tools, marvel at the convenience of the nifty 
pam_timestamp 
2.Open a terminal, su, enter the password again, open another 
terminal, su, enter the password again, etc. 
3.Wonder if some lovely person would set up su to use pam_timestamp 
and save users heaps of time 
   
Actual results: 
 
 
Expected results: 
 
 
Additional info:
Comment 1 Tim Waugh 2004-01-19 16:27:25 UTC 
Not sure about this.

Nalin, what do you think?
Comment 2 Nalin Dahyabhai 2004-01-19 17:36:56 UTC 
I'd say WONTFIX, most emphatically.

Rationale: when we first looked at introducing pam_timestamp, it's
non-obviousness in most situations was a problem, because it surpised
just about everybody.  To alleviate this, the panel icon was added. 
This won't do for 'su' (or other text-mode configuration tools)
because you can't be certain that it's being run in a graphical
environment where the panel icon can signal the user that this is
going on.  For this reason, text-mode interfaces don't use
pam_timestamp, and in my mind the same reasoning applies 'su'.
Comment 3 Tim Waugh 2004-01-19 18:16:32 UTC 
Makes sense to me.
Comment 4 Mike MacCana 2004-01-20 03:03:20 UTC 
A simple solution would be to change the prompt to indicate the
timestamp is active.

This would save a huge amount of time and address the current
inconsistency between graphical and command line tools.
Comment 5 Tim Waugh 2004-12-10 16:34:01 UTC 
Putting indicators in the prompt isn't generally liked (see fedora-devel
discussion for example).