/etc/suauth

[Adam Myrow]

If I understand what you are saying, this would allow one to become root 
without giving the root password.  This sounds like a really bad idea to 
me.  If a cracker should get the regular password to any account on the 
system, he can just type "su" and become root without the password.  The 
whole point is to prevent the cracker from gaining root access, not make 
it easier.  In order to install a key logger on a system, the cracker must 
either be root, or trick an administrator into installing it, possibly via 
a Trojan Horse.  If you are accessing your Linux system via the console, 
I.E. sitting at the computer, the root password will not be sent out over 
the Internet unless your system has been compromised.  If you must access 
the root account remotely via the "su" command, connecting to the system 
via SSH is strongly recommended.