What happens if you try to 'su - abc' as a newly created user? Does it still work then?
I'm a little confused as well by your finding, since "man roles" clearly states that: "Role assumption may be performed using su(1M), rlogin(1), or some other service that supports the PAM_RUSER variable Successful assumption requires knowledge of the role's password and membership in the role. Role assignments are specified in user_attr(4)." Which would seem to imply that even if you have removed the password, that user account should still require the role being assigned to it to assume the role. Output of /usr/bin/profiles -l might be helpful too? -- Shawn Walker, Software and Systems Analyst [EMAIL PROTECTED] - http://binarycrusader.blogspot.com/ _______________________________________________ opensolaris-discuss mailing list [email protected]
