On Fri, Jun 27, 2014 at 07:33:06PM +0200, Lukas Slebodnik wrote:
On (28/06/14 00:03), XuQing Tan wrote:
Hi folks
I set up sssd 1.9.2 on CentOS 6 x64. I can get the user info via 'id <user>'. I can su to that user as root (no password prompt since I'm root).
[root@nick-ldap ~]# su - nick
-sh-4.1$ exit
logout
root can switch to another user without being prompted for a password (pam_sss was not involved). It is the default behaviour. I am not a PAM expert, but it should be caused by the following line in /etc/pam.d/su:
account sufficient pam_succeed_if.so uid = 0 use_uid quiet
It's pam_rootok: http://linux.die.net/man/8/pam_rootok
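
Added example, not part of the original thread: a small parser that lists, per PAM stack, the rules whose success ends that stack early, run over a constructed sample modelled on a stock /etc/pam.d/su (the sample contents and the function names are assumptions). The password prompt is produced by the `auth` stack, so that is the stack to read when checking why root is not asked.

```python
# Constructed sample modelled on a stock /etc/pam.d/su; not taken from the thread.
SAMPLE_SU = """\
#%PAM-1.0
auth       sufficient   pam_rootok.so
#auth      required     pam_wheel.so use_uid
auth       include      system-auth
account    sufficient   pam_succeed_if.so uid = 0 use_uid quiet
account    include      system-auth
password   include      system-auth
session    include      system-auth
session    optional     pam_xauth.so
"""


def parse_pam(text):
    """Return a list of (type, control, module, args) for every active rule."""
    rules = []
    for raw in text.splitlines():
        tokens = raw.split("#", 1)[0].split()   # drop comments, then tokenize
        if len(tokens) < 3:                      # blank, comment-only or malformed
            continue
        ptype = tokens.pop(0).lstrip("-")        # "-auth": ignore a missing module
        control = tokens.pop(0)
        while control.startswith("[") and not control.endswith("]") and tokens:
            control += " " + tokens.pop(0)       # rejoin "[success=done default=ignore]"
        if not tokens:
            continue
        module = tokens.pop(0)
        rules.append((ptype, control, module, tokens))
    return rules


def early_success(text, stack):
    """Modules in `stack` whose success returns before later rules are run."""
    hits = []
    for ptype, control, module, args in parse_pam(text):
        if ptype != stack:
            continue
        # "sufficient" is shorthand for a bracketed control with success=done
        if control == "sufficient" or "success=done" in control:
            hits.append((module, " ".join(args)))
    return hits


if __name__ == "__main__":
    for stack in ("auth", "account"):
        for module, args in early_success(SAMPLE_SU, stack):
            print(f"{stack}: {module} {args}".rstrip())
```

To check a live system, pass the contents of /etc/pam.d/su instead of the sample; files pulled in with `include` (such as system-auth) are not followed.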