ENABLE_SUID_K5SU and ksu behavior

[Volodymyr Kostyrko]

   I don't get it... The behavior of 'ksu' is entirely different from 
'su'. It doesn't check whether user is listed in wheel group - it just 
lets user in if he knows password. And when there's no root password 
(sometimes it's much easier to add to wheel group all who is responsible 
while all other are left out) it just lets anyone in unconditionally. It 
seems that ordinary su works through pam, while ksu doesn't... What am I 
missing?

-- 
[WBR], Arcade.