how to stop pam from authenticating su
so I configured pam with tacplus to authenticate ssh connections against a tacacs server, but now when users log in (to local accounts not using the tacplus authentication) they cant use other commands such as passwd and su which are being restricted by pam. Here is what I see in /var/logmessages:
Aug 11 09:38:07 linux PAM-warn[26364]: function=[pam_sm_chauthtok] service=[passwd] terminal=[<unknown>] user=[cdeedc] ruser=[<unknown>] rhost=[<unknown>]
Where do I need ot make changes so that these additional commands are not looking to pam for authorization, or how do I authorize users to execute these commands using PAM?
right now /etc/pam.d/passwd is as it was when I installed pam the the exception of commenting every line out in an attempt to kill the authorization:
#%PAM-1.0
#auth required pam_unix2.so nullok
#account required pam_unix2.so
#password required pam_pwcheck.so nullok
#password required pam_unix2.so nullok use_first_pass use_authtok
#password required pam_make.so /var/yp
#session required pam_unix2.so
TIA
|