Bug 113825 - RFE: /etc/pam.d/su should use pam_timestamp
Summary: RFE: /etc/pam.d/su should use pam_timestamp
Alias: None
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: coreutils (Show other bugs)
(Show other bugs)
Version: 3.0
Hardware: All Linux
Target Milestone: ---
Assignee: Tim Waugh
QA Contact:
Depends On:
TreeView+ depends on / blocked
Reported: 2004-01-19 00:35 UTC by Mike MacCana
Modified: 2007-11-30 22:07 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2004-12-10 16:34:01 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

Description Mike MacCana 2004-01-19 00:35:18 UTC
Description of problem: 
pam_timestamp, which (I believe) is used by the redhat-config tools 
to remember that a user has recently entered a particular set of 
credentials, is a really nifty tool and saves users a lot of time. It 
would be quite useful if the 'su' tool was also capable of 
remembering these credentials, saving users from the hassle of typing 
the password for the user they're switching to every time they wish 
to run su in a shell. 
Version-Release number of selected component (if applicable): 
How reproducible: 
Steps to Reproduce: 
1.Use the redhat-config tools, marvel at the convenience of the nifty 
2.Open a terminal, su, enter the password again, open another 
terminal, su, enter the password again, etc. 
3.Wonder if some lovely person would set up su to use pam_timestamp 
and save users heaps of time 
Actual results: 
Expected results: 
Additional info:

Comment 1 Tim Waugh 2004-01-19 16:27:25 UTC
Not sure about this.

Nalin, what do you think?

Comment 2 Nalin Dahyabhai 2004-01-19 17:36:56 UTC
I'd say WONTFIX, most emphatically.

Rationale: when we first looked at introducing pam_timestamp, it's
non-obviousness in most situations was a problem, because it surpised
just about everybody.  To alleviate this, the panel icon was added. 
This won't do for 'su' (or other text-mode configuration tools)
because you can't be certain that it's being run in a graphical
environment where the panel icon can signal the user that this is
going on.  For this reason, text-mode interfaces don't use
pam_timestamp, and in my mind the same reasoning applies 'su'.

Comment 3 Tim Waugh 2004-01-19 18:16:32 UTC
Makes sense to me.

Comment 4 Mike MacCana 2004-01-20 03:03:20 UTC
A simple solution would be to change the prompt to indicate the
timestamp is active.

This would save a huge amount of time and address the current
inconsistency between graphical and command line tools.

Comment 5 Tim Waugh 2004-12-10 16:34:01 UTC
Putting indicators in the prompt isn't generally liked (see fedora-devel
discussion for example).

Note You need to log in before you can comment on or make changes to this bug.