Andrew> ... confusing itself (it might be trampling Andrew> on its own pam_[gs]et_data() items for example...?). Nalin> Actually, it likely does confuse itself in this way (it stores the Nalin> previous authentication request's status and returns it to ensure the Nalin> stack is always traversed the same way, though it shouldn't be necessary Nalin> with Linux-PAM >= 0.74 or so). Nalin> I'm not sure what the best way to go about fixing that is, though. Makes sense. I just downloaded the module's code and was looking at it a little, and was coming to the same conclusion. [Can you update the module documentation to indicate this might be a problem?] Nalin, what's your feeling about supporting a list of realms to check on a single call to the module? That's ultimately what I'd like to do, and in my case, would sidestep the issue of how to fix multiple calls to the module. My thought on this would be allowing a list of realms to check, such as realm=A.CORP.COM;B.CORP.COM and when a success is found, stop checking. If this seemed a good approach, I'll pursue it. Feel free to take this offlist if we're going outside scope. jc
