0

I attempted to edit the /etc/pam.d/su file to achieve the following:

  • When the current user is userX and executes su userM, no password is required. I used the following configuration:

    auth [success=ignore default=1] pam_succeed_if.so user = userM  
auth sufficient pam_succeed_if.so use_uid user = userX

  • When the current user is userY and executes su userN, no password is required. I used the following configuration:

    auth [success=ignore default=1] pam_succeed_if.so user = userN  
auth sufficient pam_succeed_if.so use_uid user = userY

The strange issue is that if I configure only userX --> userM or only userY --> userN, both work as expected.
However, when I configure both sections simultaneously, only the latter configuration (userY --> userN) works. When trying su with userX, I get the following error:

su: failed to user credentials: The return value should be ignored by PAM dispatch

Did I make a mistake in the configuration somewhere?

Improve this question
1
Related questions
1
pam account locking is not working on RHEL7
1110
Why does the C preprocessor interpret the word "linux" as the constant "1"?
1
Program is rceiving PAM_PERM_DENIED (7) when authenticating against Active Directory, while ssh works
Load 7 more related questions Show fewer related questions

0

Reset to default

Browse other questions tagged or ask your own question.