# $NetBSD: su.in,v 1.1 2024/12/30 21:59:08 jmmv Exp $

# $NetBSD: su.in,v 1.1 2024/12/30 21:59:08 jmmv Exp $
#
# PAM configuration for the "su" service
#

# auth
auth sufficient pam_rootok.so no_warn
auth sufficient pam_self.so no_warn
auth sufficient pam_skey.so no_warn try_first_pass
#auth sufficient pam_u2f.so authfile=/etc/u2f_mappings cue
#auth sufficient pam_ksu.so no_warn try_first_pass
#auth sufficient pam_group.so no_warn group=rootauth root_only authenticate
auth requisite pam_group.so no_warn group=wheel root_only fail_safe
auth required pam_unix.so no_warn try_first_pass nullok

# account
account required pam_login_access.so
account include system

# session
session required pam_permit.so