iterating over the (possibly empty) list of members. Otherwise, we
get a false negative when the target group has no members listed in
/etc/group. This went mostly unnoticed because root is explicitly
listed as a member of wheel, so the bug is never triggered in the most
common use case, which is su(8).
PR: 109416
MFC after: 1 week
behavior, where the module checks that the supplicant is a member of the
required group. The latter checks the target user instead. If neither
option was specified, pam_group(8) assumes "ruser" and issues a warning.
I intend to eventually change the default to "luser" to match the
behavior of similarly-named service modules in other operating systems.
MFC after: 1 month
pam_wheel(8) module was written to work in spite of a broken libpam, and
has grown organically since its inception, which is reflected in both its
functionality and implementation. Rather than clean up pam_wheel(8) and
break backward compatibility, I've chosen to reimplement it under a new,
more generic name.
Sponsored by: DARPA, NAI Labs
