At 02:32 PM 1/8/00 -0500, Garrett wrote:
><<On Sat, 08 Jan 2000 11:29:36 -0800, "Kurt D. Zeilenga" <[EMAIL PROTECTED]> said:
>
>> I've noticed that su(1) is not yet PAM'ized.  Is anybody
>> working on this?  If so, I'm willing to test.  If not
>> and time permits, I'll see if I can whip up an appropriate
>> patch.
>
>If you do this, please take care not to break WHEELSU (and its
>Kerberos equivalent), which has its fingers everywhere.

I would suggest:

If NO_PAM, the behavior would be simple, traditional BSD
behavior with very few optional features (such as WHEELSU).

If PAM, then Kerberos and Skey support would be provided
via appropriate PAM modules.  This means that auth.conf
can go away.  WHEELSU can (and should) be provided by
pam_wheel.

So, the very first thing I would do to PAM'ize su.c would
be to:
        mv su.c su.c.orig
        unifdef -UKERBEROS -USKEY < su.c.orig > su.c

Then I would add in PAM calls behind #ifndef NO_PAM.

        Kurt




To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-current" in the body of the message
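
The PAM side of the proposal written out as configuration (an added example, not part of the original message and not FreeBSD's shipped file): /etc/pam.conf entries for a PAM-aware su in which PAM modules take over what the compile-time options and auth.conf did. The service name "su", the module names other than pam_wheel, and every option shown are assumptions.

```conf
# Constructed /etc/pam.conf fragment.
# Fields: service  type  control  module  [options]
#
# Wheel restriction first. "requisite" fails the stack at once, and this
# line must precede every "sufficient" line below: a sufficient success
# returns immediately and would skip a wheel check placed after it.
# root_only (assumed available): check membership only when the target is uid 0.
su	auth	requisite	pam_wheel.so		root_only
# S/Key one-time password; success here ends authentication.
su	auth	sufficient	pam_skey.so
# Kerberos; reuse a password that was already typed instead of prompting again.
su	auth	sufficient	pam_kerberosIV.so	try_first_pass
# Fallback: the password from the local password database.
su	auth	required	pam_unix.so		try_first_pass
```

With a stack like this, whether Kerberos or S/Key is tried becomes a matter of which lines are present, not which -D flags su was built with.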
