From e18a32d5087462ed33741eb13a5e85ab0fcfbcaf Mon Sep 17 00:00:00 2001
From: Patrick Schleizer <adrelanos@riseup.net>
Date: Sun, 13 Sep 2015 18:36:18 +0000
Subject: [PATCH] Fixed /etc/pam.d/su.qubes. (Moved line 'auth sufficient
 pam_permit.so' up. May not be low '@include' lines.)

---
 misc/pam.d_su.qubes | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/misc/pam.d_su.qubes b/misc/pam.d_su.qubes
index fdeda5f..99b6c22 100644
--- a/misc/pam.d_su.qubes
+++ b/misc/pam.d_su.qubes
@@ -51,16 +51,16 @@ session    optional   pam_mail.so nopen
 # (Replaces the use of /etc/limits in old login)
 session    required   pam_limits.so
 
-# The standard Unix authentication modules, used with
-# NIS (man nsswitch) as well as normal /etc/passwd and
-# /etc/shadow entries.
-@include common-auth
-@include common-account
-@include common-session
-
 # {{ Qubes specific modifications being here
 #    Prevent 'su -' from asking for password in Debian [based] templates.
 #    https://github.com/QubesOS/qubes-issues/issues/1128
 #    Feel free to comment out the following line.
 auth sufficient pam_permit.so
 # }} Qubes specific modifications end here
+
+# The standard Unix authentication modules, used with
+# NIS (man nsswitch) as well as normal /etc/passwd and
+# /etc/shadow entries.
+@include common-auth
+@include common-account
+@include common-session