Re: changing the login password's requirement

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, Apr 19, 2005 at 02:19:59PM -0700, Don Russell wrote:
> This is already done on other systems (IBM mainframe VM system) and is 
> very helpful in terms of security... no need to ever share the password 
> for root (or any other ID).
[...]
> By extension, such a mechanism could be applicable to the use of "su -". 
> Instead of prompting for root's password, prompt foe the current user 
> password, then see if that user is authorized to log on to root.

Good idea. In fact, so good that it's already implemented. :)

Although it's on a per-executable basis, not per-login. Check out the files
in /etc/security/console.apps/, and the man page for "userhelper".
(Particularly, look at the USER and UGROUPS variables.)



-- 
Matthew Miller           mattdm@xxxxxxxxxx        <http://www.mattdm.org/>
Boston University Linux      ------>                <http://linux.bu.edu/>


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux