su / shadow & /etc/suauth

Julien Lecomte julien at famille-lecomte.net
Thu Jan 4 04:55:45 PST 2007


Dan Nicholson wrote:
> On 1/2/07, Julien Lecomte <julien at famille-lecomte.net> wrote:
>> I can't get 'su' and '/etc/suauth' to work correctly on my 6.2 LFS
>> system. My system is up and running correctly apart from this minor problem.
>>
>> When I 'su', it doesn't seem that '/etc/suauth' is used. For example, my
>> /etc/suauth (root:root, 600) only contains
>> root:ALL EXCEPT GROUP wheel:DENY
> 
> I've never tried using suauth, but I just looked at the source, and it
> is only enabled if you're using PAM.

Thanks for pointing this out; I've then tried to configure shadow 
(4.0.15) with and without the 'libpam' configure switch.
Please note that my system neither has libpam nor libcrack installed.

The following configure works:
./configure --libdir=/lib --enable-shared --without-selinux \
   --without-libcrack --without-libpam

While the following does not:
./configure --libdir=/lib --enable-shared --without-selinux \
   --without-libcrack

By 'works', I mean that after configure, make && install, suauth is 
correctly read and used.
The output of shadow's configure verifies that since it will output that 
it will enable PAM in the second case. Why enable PAM since it's not 
installed? This seems like a shadow configure bug.

Maybe LFS 6.2 is also affected by this since the instructions doesn't 
say to pass '--without-libpam' in the basic install and PAM is not 
installed.

Julien





More information about the lfs-support mailing list