Red Hat Bugzilla – Bug 198964
Incorrect behavior of PAM auth with /lib/security/pam_rootok.so commented out
Last modified: 2007-11-30 17:06:55 EST
Description of problem:
When user "root" uses the su command to change to another user, the system
should prompt for user's password if the following line is commented out in the
file /etc/pam.d/su :
#auth sufficent /lib/security/pam_rootok.so
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Comment out "auth sufficent /lib/security/pam_rootok.so" in /etc/pam.d/su
2. su username
No password asked for
Password is asked for
This behavior works with
RHEL 3.0 pam-0.75-54
This is feature of su in RHEL2.1. (PAM is almost identical in RHEL3 and RHEL2.1)
I don't think it should/will be changed now.
Reassigning to sh-utils maintainer for final decision.
No, we can't change that at this point.