On Thu, Jan 22, 2015 at 10:12:09AM +0100, Jakub Hrozek wrote:
> > [root@node5 ~]# su - sina
> One note -- calling su - sina bypasses the PAM stack mostly

Sorry, this was really inaccurate. I meant to say "calling su - sina
from root". The reason is the pam_rootok.so module in the PAM stack
returns success and doesn't query the other modules.

If you called "su - sina" from another non-privileged user, you'd be
asked for a password.

Manage your subscription for the Freeipa-users mailing list:
Go To http://freeipa.org for more info on the project

Reply via email to