pam_ldap and nss_ldap : chicken and egg problem with "wheel" group and "su" utility
Ruben de Groot
mail25 at bzerk.org
Tue Sep 27 14:09:32 UTC 2011
On Mon, Sep 26, 2011 at 07:44:32PM +0400, Lev Serebryakov typed:
> Hello, Rene.
> You wrote 26 September 2011, 15:07:09:
>
> > Why not have /etc/group be authoritative for wheel (and thus have a list
> > of local superusers).
> Idea is to have no local users (but root) at all :)

How about creating an ldap group 'su-users' and changing /etc/pam.d/su
to have the line:

    auth requisite pam_group.so no_warn group=su-users root_only fail_safe
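
An added example, not part of the original post: a small audit helper that reports which group each `pam_group.so` auth rule in a PAM service file checks and whether `fail_safe` is set. That option matters for an LDAP-backed group, since pam_group(8) then treats a group that does not exist or has no members as if the applicant were a member. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Report how a PAM service file gates access with pam_group.so.
# Prints one line per matching auth rule:
#   <control> <group> fail_safe=<yes|no> root_only=<yes|no>
pam_group_rules() {
    awk '
        /^[[:space:]]*#/ { next }                 # skip comment lines
        $1 == "auth" && ($3 == "pam_group.so" || $3 ~ /\/pam_group\.so$/) {
            group = "wheel"                       # pam_group default when group= is absent
            fs = "no"; ro = "no"
            for (i = 4; i <= NF; i++) {
                if ($i ~ /^group=/)          group = substr($i, 7)
                else if ($i == "fail_safe")  fs = "yes"
                else if ($i == "root_only")  ro = "yes"
            }
            print $2, group, "fail_safe=" fs, "root_only=" ro
        }
    ' "$1"
}

# Constructed sample: an su service file containing the line from the post.
sample_su_conf() {
    cat <<'EOF'
# auth
auth sufficient pam_rootok.so no_warn
auth requisite pam_group.so no_warn group=su-users root_only fail_safe
auth include system
EOF
}

# Stand-alone run: audit the constructed sample.
tmp=$(mktemp) && sample_su_conf > "$tmp" && pam_group_rules "$tmp"; rm -f "$tmp"
```

On a live host, point `pam_group_rules` at `/etc/pam.d/su` and confirm the reported group resolves through the configured name service before relying on it.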