Red Hat Bugzilla – Bug 113825
RFE: /etc/pam.d/su should use pam_timestamp
Last modified: 2007-11-30 17:07:00 EST
Description of problem:
pam_timestamp, which (I believe) is used by the redhat-config tools
to remember that a user has recently entered a particular set of
credentials, is a really nifty tool and saves users a lot of time. It
would be quite useful if the 'su' tool was also capable of
remembering these credentials, saving users from the hassle of typing
the password for the user they're switching to every time they wish
to run su in a shell.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1.Use the redhat-config tools, marvel at the convenience of the nifty
2.Open a terminal, su, enter the password again, open another
terminal, su, enter the password again, etc.
3.Wonder if some lovely person would set up su to use pam_timestamp
and save users heaps of time
Not sure about this.
Nalin, what do you think?
I'd say WONTFIX, most emphatically.
Rationale: when we first looked at introducing pam_timestamp, it's
non-obviousness in most situations was a problem, because it surpised
just about everybody. To alleviate this, the panel icon was added.
This won't do for 'su' (or other text-mode configuration tools)
because you can't be certain that it's being run in a graphical
environment where the panel icon can signal the user that this is
going on. For this reason, text-mode interfaces don't use
pam_timestamp, and in my mind the same reasoning applies 'su'.
Makes sense to me.
A simple solution would be to change the prompt to indicate the
timestamp is active.
This would save a huge amount of time and address the current
inconsistency between graphical and command line tools.
Putting indicators in the prompt isn't generally liked (see fedora-devel
discussion for example).