Exempt the "wheel group requirement" by default when su'ing to root if
the wheel group has no explicit members listed in /etc/group. This adds the "exempt_if_empty" flag to pam_wheel in the default configuration; in some environments, it may be appropriate to remove this flag, however, this default is the same as pre-pam_wheel. Reviewed by: markm Sponsored by: DARPA, Network Associates Laboratories
This commit is contained in:
Robert Watson
parent
195426c211
commit
64ac587b8a
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=105374
@ -7,7 +7,7 @@
|
||||
# auth
|
||||
auth sufficient pam_rootok.so no_warn
|
||||
auth sufficient pam_self.so no_warn
|
||||
auth requisite pam_wheel.so no_warn auth_as_self noroot_ok
|
||||
auth requisite pam_wheel.so no_warn auth_as_self noroot_ok exempt_if_empty
|
||||
#auth sufficient pam_kerberosIV.so no_warn
|
||||
#auth sufficient pam_krb5.so no_warn try_first_pass auth_as_self
|
||||
auth sufficient pam_opie.so no_warn no_fake_prompts
|
||||
|
||||
Loading…
Reference in New Issue
Block a user