From Bugzilla Helper:
User-Agent: Mozilla/4.76 [en] (X11; U; Linux 2.2.17-14 i686)
One cannot make use of ~/.rhosts files to permit password-less su-ing
specific users. The pam_rhosts_auth.so seems to not be honored by su or
pam_rhosts_auth.so is not correctly parsing ~/.rhosts.
Steps to Reproduce:
1. Create a ~user1/.rhosts file, mode 0400, owned by user1, that contains
2. Add the following line to /etc/pam.d/su:
auth sufficient /lib/security/pam_rhosts_auth.so no_hosts_equiv
just above line:
auth required /lib/security/pam_stack.so service=system-auth
3. login to user2 and:
su - user1
Actual Results: The su - user1 command prompted for a password.
Expected Results: The pam_rhosts_auth.so should have consulted the
~user1/.rhosts file, matched
one of several possible lines for user2 and allowed user2 to su without a
The 'su' program doesn't set the requesting host PAM item which the
pam_rhosts_auth module is used for (though the usage you suggest is intriguing
in its similarity to the authorization methods used by ksu, which is part of the
Kerberos package). I suspect that what you're trying to do would be better
handled by the sudo package, though.