On 27 March 2014 18:50, Russ Allbery <ea...@eyrie.org> wrote: > Wendy Lin <wendlin1...@gmail.com> writes: > >> Where is the pam config which controls whether pam_krb5 is not called >> for user root? > > On Debian and Ubuntu, it's this part at the top of /etc/pam.d/su: > > # This allows root to su without passwords (normal operation) > auth sufficient pam_rootok.so
No No. I was asking for s su - root, for a plain, normal user. In that case pam_krb5 is not called, or does not fill in any tickets. But a kinit afterwards as user root does fill in the tickets Wendy ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
