PAM_KSU(8) | System Manager's Manual | PAM_KSU(8) |
pam_ksu
—
auth
” feature. The module is
specifically designed to be used with the
su(1) utility.
pam_sm_authenticate
()), and
determine whether or not the user is authorized to obtain the privileges of
the target account. If the target account is “root”, then the
Kerberos 5 principal used for authentication and authorization will be the
“root” instance of the current user, e.g.
“user/root@REAL.M
”. Otherwise, the
principal will simply be the current user's default principal, e.g.
“user@REAL.M
”.
The user is prompted for a password if necessary. Authorization is performed by comparing the Kerberos 5 principal with those listed in the .k5login file in the target account's home directory (e.g. /root/.k5login for root).
The following options may be passed to the authentication module:
debug
LOG_DEBUG
level.use_first_pass
try_first_pass
use_first_pass
option, except that if the previously obtained password fails, the user is
prompted for another password.May 15, 2002 | NetBSD 9.4 |