I'm fairly new to PAM but can't you do something like the following. account [success=n default=ignore] module_1 pam_args .... account require module_2 pam_args .... account optional module_3 pam_args .... If module_1 is successful, skip the next n (n = 1 in your case) module(s) in the stack of that type (account), continuing with module_3. If not, ignore its return value and continue the module stack execution, namely module_2. Shawn On Fri, 1 Nov 2002, John Newbigin wrote: > I have a pam configuration issue which I hope someone can help me with. > Basically I want to do this: > required module_1 OR module_2 > optional module_3 > > The user can authenticate with either module 1 or 2. If one is > successful there is no need to check the other. If either are > successful then module 3 should be invoked. > > AFAIK, this (if possible) requires the complicated syntax which is a bit > confusing. > > This is what I am using currently in system-auth: > auth required /lib/security/pam_env.so > auth sufficient /lib/security/pam_unix.so likeauth nullok > auth requisite /lib/security/pam_smb_auth.so use_first_pass > nolocal > auth optional /lib/security/pam_smbpw.so > > If the user is authenticated with pam_unix OR pam_smb_auth then > pam_smbpw should be invoked. > > Any help would be greatly appreciated. > > John. > > -- > Information Technology Innovation Group > Swinburne University. Melbourne, Australia > http://uranus.it.swin.edu.au/~jn > > > > _______________________________________________ > > Pam-list@redhat.com > https://listman.redhat.com/mailman/listinfo/pam-list > _______________________________________________ Pam-list@redhat.com https://listman.redhat.com/mailman/listinfo/pam-list
