On Thu, Jan 22, 2015 at 10:12:09AM +0100, Jakub Hrozek wrote: > > [root@node5 ~]# su - sina > > One note -- calling su - sina bypasses the PAM stack mostly
Sorry, this was really inaccurate. I meant to say "calling su - sina from root". The reason is the pam_rootok.so module in the PAM stack returns success and doesn't query the other modules. If you called "su - sina" from another non-privileged user, you'd be asked for a password. -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project
