Lennart Poettering wrote:
Yes, you're right. I want the service to be accessible with the "service password" only (in .pam file). Now when the password is not set I wantCan you please give an example how to force usage of the service-specific password when set ?
Have I understood correctly? You want to deny access with the unix
password when a .pam file exists for the specific user, but allow it
when it doesn't exist?
Hmmm, I don't think that this is currently possible.
But I must admit that this is a nice idea.
Currently pam_dotfile doesn't make a difference between "bad password"
and "no .pam file existent". Maybe it should - this would allow you to
implement this kind auf authentication. (e.g. with that modern [ foobar ] syntax in pam configuration files.)
it to use system password. It would be nice if it allow to lock "account" (in this case service) by prefixing password with '!!' :).
I must say I'm not well pam-educated so it is possible any of these things achieve with pam rules.
_______________________________________________
Pam-list@redhat.com
https://listman.redhat.com/mailman/listinfo/pam-list