I don't allow ssh as root unless you have a key, so that check doesn't
help. I diffed the files and they are the same. It's su, not sudo, so
it's not the sudoers file. I kept working over the files tonight and it
magically started working again. I just modified common-account and it
started working. I switched the file back and it still worked. I
rebooted the machine and it still worked, so I'm really confused as to
what was going on.

Marc Skinner wrote:
> do you get the same response when you SSH into that box as root?  if
> not, it might be a SUDOers issue.  if you do, then i would check and
> diff the pam config files against a working server.  also, check
> nsswitch.conf - make sure it is configured just like your other servers.
>
>
> Jon Schewe wrote:
> > I have a set of systems using Kerberos+LDAP for authentication. They are
> > all running OpenSuse 11.0, with one at 11.1. One of the 11.0 systems is
> > allowing users to su to root without a password. If I su and type in a
> > password (even the right one), I get a failure. If I just hit return for
> > the password, then I'm root. I checked and the password is set for root.
> > Root is not in kerberos nor LDAP. Any ideas? My other systems are
> > working correctly.
>
>

-- 
Jon Schewe | http://mtu.net/~jpschewe
If you see an attachment named signature.asc, this is my digital
signature. See http://www.gnupg.org for more information.

For I am convinced that neither death nor life, neither angels nor
demons, neither the present nor the future, nor any powers,
neither height nor depth, nor anything else in all creation, will
be able to separate us from the love of God that is in Christ
Jesus our Lord. - Romans 8:38-39