On Fri, Jun 27, 2014 at 07:33:06PM +0200, Lukas Slebodnik wrote:
> On (28/06/14 00:03), XuQing Tan wrote:
> >Hi folks
> >
> >I set up sssd 1.9.2 on centos 6 x64
> >I can get the user info via 'id <user>'
> >I can su to that user as root (no password prompt since I'm root)
> >
> >[root@nick-ldap ~]# su - nick
> >-sh-4.1$ exit
> >logout
> >
> root can switch to another user without any password prompt.
> (pam_sss was not involved)
> It is default behaviour.
> I am not a pam expert, but it should be caused by the next line in /etc/pam.d/su
>
> account sufficient pam_succeed_if.so uid = 0 use_uid quiet

It's pam_rootok: http://linux.die.net/man/8/pam_rootok
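
Added example, not part of the original thread: a small Python parser that lists which `sufficient` modules in a PAM service file can end a stack before the included `system-auth` rules run, separately for the `auth` and `account` facilities. The service file content is a constructed sample modelled on a typical `/etc/pam.d/su`, and the function names are hypothetical.

```python
import re

# Constructed sample modelled on a typical /etc/pam.d/su (assumption, not from the thread).
SAMPLE_SU = """\
#%PAM-1.0
auth       sufficient   pam_rootok.so
auth       include      system-auth
account    sufficient   pam_succeed_if.so uid = 0 use_uid quiet
account    include      system-auth
password   include      system-auth
session    include      system-auth
"""

# facility, control (keyword or [bracketed value=action list]), module, arguments
RULE = re.compile(r"^-?(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")


def parse_pam(text):
    """Return (facility, control, module, args) for every rule line."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        match = RULE.match(line)
        if match:
            rules.append(match.groups())
    return rules


def sufficient_before_include(rules, facility):
    """Modules marked 'sufficient' that run before the first include/substack.

    If such a module succeeds, PAM returns success for the facility at once,
    so the included stack (where pam_unix or pam_sss would run) is skipped.
    Only the plain 'sufficient' keyword is recognised, not bracket syntax.
    """
    found = []
    for fac, control, module, _args in rules:
        if fac != facility:
            continue
        if control in ("include", "substack"):
            break
        if control == "sufficient":
            found.append(module)
    return found


if __name__ == "__main__":
    rules = parse_pam(SAMPLE_SU)
    for facility in ("auth", "account"):
        print(facility, "->", sufficient_before_include(rules, facility))
```

The password prompt belongs to the `auth` facility, so on this sample the module that lets root skip it is the one reported for `auth`; the `pam_succeed_if.so` line is reported under `account`, which only decides whether the account may be used.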
