Question:
Postgres and dictd won't start because the PAM su doesn't work unless
the user calling it is in utmp. It reports that it can't set up
PAM_RUSER, and fails to `su' and start the daemon.
Why does it do things that way? Is there any good reason why we can't
patch `pam_rootok.so' so that it lets root `su' without needing to be
registered in utmp?
Answer:
This issue is a problem handling devpts (su worked for cronjobs prior
to glibc 2.1).
All of this will hopefully be meaningless since I hope that shadow will
soon be compiled with PAM support, as pam-apps is less than an optimal
solution (it's mising key programs that are needed in order to really
replace the shadow suite).
Maybe we should just grab "su" et al from Red Hat? (Which works quite
well with libc6 - in a previous Debian installation, I successfully
used the "login" program from RedHat because it worked much better
with PAM and libc2.1 than the pam-apps one. Same for the passwd and
su programs, IIRC. - I needed the RedHat utils cause I was testing
LDAP, and working PAM is essential for testing LDAP.)
