[SOLVED] Deprecated pam_stack module called from service "su-l"

techdiver · 11-17-2010, 03:17 AM

Hi there,

I get the following message in /var/log/secure: Nov 15 09:27:21 su: Deprecated pam_stack module called from service "su-l"

I have done some research and it seems I need to get rid of pam_stack.so in /etc/pam.d/su but I can't find out what to use in its place.

Below is a copy of my /etc/pam.d/su file:

Code:

auth sufficient pam_rootok.so
auth required pam_stack.so service=system-auth
auth sufficient pam_stack.so service=su-root-members
auth sufficient pam_stack.so service=su-oracle-members
auth sufficient pam_stack.so service=su-other-members
auth sufficient pam_stack.so service=su-vnc-members
auth required pam_deny.so
account required pam_stack.so service=system-auth
password required pam_stack.so service=system-auth
session required pam_selinux.so close
session required pam_stack.so service=system-auth
session required pam_selinux.so open multiple
session optional pam_xauth.so

From what I understand, I need to replace the line "auth required pam_stack.so service=system-auth" with "auth include system-auth"

My problem is how do I then go about limiting access to su based on group membership without pam_stack.so?

Any advice will be greatly appreaciated.

Thanks!

unSpawn · 11-17-2010, 02:09 PM

Quote:

Originally Posted by techdiver

From what I understand, I need to replace the line "auth required pam_stack.so service=system-auth" with "auth include system-auth"

That is correct.

Quote:

Originally Posted by techdiver

My problem is how do I then go about limiting access to su based on group membership without pam_stack.so?

How about "pam_listfile"?

techdiver · 11-24-2010, 01:55 AM

Thanks. That's exactly what I needed.