On Mon, Sep 26, 2011 at 07:44:32PM +0400, Lev Serebryakov typed: > Hello, Rene. > You wrote 26 ???????????????? 2011 ??., 15:07:09: > > > Why not have /etc/group be authoritive for wheel (an thus have a list > > of local superusers). > Idea is to have no local users (but root) at all :)
How about creating an ldap group 'su-users' and changing /etc/pam.d/su to have the line: auth requisite pam_group.so no_warn group=su-users root_only fail_safe _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "[email protected]"
