2
# The PAM configuration file for the Shadow `su' service
5
# Uncomment this to force users to be a member of group root
6
# before they can use `su'. You can also add "group=foo" to
7
# to the end of this line if you want to use a group other
8
# than the default "root".
9
# (Replaces the `SU_WHEEL_ONLY' option from login.defs)
10
# auth required pam_wheel.so
12
# Uncomment this if you want wheel members to be able to
13
# su without a password.
14
# auth sufficient pam_wheel.so trust
16
# Uncomment this if you want members of a specific group to not
17
# be allowed to use su at all.
18
# auth required pam_wheel.so deny group=nosu
20
# This allows root to su without passwords (normal operation)
21
auth sufficient pam_rootok.so
23
# Uncomment and edit /etc/security/time.conf if you need to set
24
# time restrainst on su usage.
25
# (Replaces the `PORTTIME_CHECKS_ENAB' option from login.defs
26
# as well as /etc/porttime)
27
# account requisite pam_time.so
29
# The standard Unix authentication modules, used with
30
# NIS (man nsswitch) as well as normal /etc/passwd and
31
# /etc/shadow entries.
33
@include common-account
34
@include common-session
36
# Sets up user limits, please uncomment and read /etc/security/limits.conf
37
# to enable this functionality.
38
# (Replaces the use of /etc/limits in old login)
39
# session required pam_limits.so