On Monday, 10 October 2016, Laurentiu Pancescu <lpancescu@gmail.com> wrote:
The images would still follow the upstream recommendations, I have no intention of changing the default SSH key or password.  In my local implementation:

- vagrant and root can use su and sudo without limitations (no change)
- other users can't use sudo... (no change)
- ...but can still su to any accounts except root or vagrant

This matches the sudo configuration pretty closely. [...]

Sorry, I did misunderstand - I thought you would need to change the passwords. I realise now you're talking about using pam to just limit access to su. That makes sense. Sorry for the noise.