"su" bug

[Robert Watson]

On Mon, 19 May 2003, Frank Bonnet wrote:

> I notice at 5.1-BETA-20030507-JPSNAP I am able to "su -" anyone ( even
> root )  without typing any passwd from a normal user account. 
> 
> The machine use nss_ldap if it makes a difference. 

Sounds bad.

Are you running with any customizations to your PAM configuration; if so,
could you post the diffs against /usr/src/etc/pam.d, as well as your
nsswitch.conf file?

Robert N M Watson             FreeBSD Core Team, TrustedBSD Projects
robert at fledge.watson.org      Network Associates Laboratories