On 2020-05-13T22:26:16 +0100, Andy Pieters wrote:
> Hi Matt
>
> On Wed, 13 May 2020 at 15:01, Andy Pieters <arch-general@xxxxxxxxxxxxxxxxx>
> wrote:
>
> >
> >
> > On Wed, 13 May 2020 at 14:53, Matt Pallissard <matt@xxxxxxxxxxxxxx> wrote:
> >
> >>
> >> On 2020-05-13T12:39:50 +0100, Andy Pieters wrote:
> >>
> >> Should be doable, skip to pam_exec.so with `success=${num lines to skip}`
> >>
> >
> Something appears to be wrong with that. As soon as I add [success=n]
> logins start failing with
>
> PAM unable to dlopen(/usr/lib/security/required):
> /usr/lib/security/required:
> cannot open shared object file: No such file or directory
>
> and
> PAM adding faulty module: /usr/lib/security/required
>
> Looking through the man pages of pam_yubico and comparing it with those of
> pam_deny and pam_succeed_if
> it seems that pam_yubico does not support the passing of [success=,
> default=] conditions...
/usr/lib/security/required doesn't look like a valid module. I'd imagine that there is a missing bracket or something in your config file.
Also, If reading `man pam.conf` is anything to go by, the success behavior handled by pam itself. The module in question should have nothing to do with it.
As an aside, this works for me with pam_krb.so.
Matt Pallissard
Attachment:
signature.asc
Description: PGP signature
