From owner-freebsd-current  Mon Dec 16  9:42:47 2002
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id D33F437B401
	for <current@FreeBSD.ORG>; Mon, 16 Dec 2002 09:42:46 -0800 (PST)
Received: from pump3.york.ac.uk (pump3.york.ac.uk [144.32.128.131])
	by mx1.FreeBSD.org (Postfix) with ESMTP id A95C943ED1
	for <current@FreeBSD.ORG>; Mon, 16 Dec 2002 09:42:45 -0800 (PST)
	(envelope-from gavin@ury.york.ac.uk)
Received: from ury.york.ac.uk (ury.york.ac.uk [144.32.108.81])
	by pump3.york.ac.uk (8.10.2/8.10.2) with ESMTP id gBGHgTn00548;
	Mon, 16 Dec 2002 17:42:29 GMT
Received: from ury.york.ac.uk (localhost.york.ac.uk [127.0.0.1])
	by ury.york.ac.uk (8.12.6/8.12.6) with ESMTP id gBGHgTTI032066;
	Mon, 16 Dec 2002 17:42:29 GMT
	(envelope-from gavin@ury.york.ac.uk)
Received: from localhost (gavin@localhost)
	by ury.york.ac.uk (8.12.6/8.12.6/Submit) with ESMTP id gBGHgSO6032063;
	Mon, 16 Dec 2002 17:42:28 GMT
Date: Mon, 16 Dec 2002 17:42:28 +0000 (GMT)
From: Gavin Atkinson <gavin@ury.york.ac.uk>
To: David Malone <dwmalone@maths.tcd.ie>
Cc: Craig Boston <craig@xfoil.gank.org>, "" <current@FreeBSD.ORG>
Subject: Re: su(1) problem on -current
In-Reply-To: <20021215202040.GB10636@walton.maths.tcd.ie>
Message-ID: <20021216173131.O31211-100000@ury.york.ac.uk>
References: <1039973731.751.11.camel@darth-laptop> <20021215195157.H58191-100000@ury.york.ac.uk>
 <20021215202040.GB10636@walton.maths.tcd.ie>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-current.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-current>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-current>
X-Loop: FreeBSD.ORG


On Sun, 15 Dec 2002, David Malone wrote:

> On Sun, Dec 15, 2002 at 08:00:55PM +0000, Gavin Atkinson wrote:
> > Confirmed. in su.c it seems that pam_authenticate is returning
> > PAM_AUTH_ERR, when it presumably should not be doing so.
>
> Try getting rid of the auth_as_self in /etc/pam.d/su for the
> pam_wheel module.

This fixes it. Although I don't understand why this wasn't needed until
recently.

Is there any reason to have the default pam su config contain
auth_as_self? It just seems to introduce yet another (and quite annoying)
incompatibility between 4.x and 5.x without achieving anything obvious.

Maybe we could get auth_as_self removed from pam_wheel in /etc/pam.d/su?

Gavin

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message