On Thu, Jan 22, 2015 at 10:12:09AM +0100, Jakub Hrozek wrote:
> > [root@node5 ~]# su - sina
> 
> One note -- calling su - sina bypasses the PAM stack mostly

Sorry, this was really inaccurate. I meant to say "calling su - sina
from root". The reason is the pam_rootok.so module in the PAM stack
returns success and doesn't query the other modules.

If you called "su - sina" from another non-privileged user, you'd be
asked for a password.

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project

Reply via email to