Hi all, I've been trying to find a good explanation for exactly what the 'likeauth' parameter to the pam_unix module actually does, when (precisely) it should be used, etc. I've found a couple of places through google searches where this is discussed, but I'm still not sure if I get it. My understanding is that if you have pam_unix listed as 'sufficient' and another module under it listed as 'required', then 'likeauth' needs to be used to ensure that the value returned by the 'sectcred()' function of the *second* module is the one returned to the application (assuming, of course, that the second module succeeds, of course). This is confusing, because I though that if any part of the module failed, the module returns a failed status, and things move to the next module. This explanation seems to imply that multiple values are returned from pam_unix, one for 'auth()', and one for 'setcred()', and the failure of one doesn't mean the module fails? Is the module called twice or something? What's the order of operations in the (quite common) scenario of having: auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok auth required /lib/security/$ISA/pam_deny.so Why do I need 'likeauth' here? What happens if I remove it? Can anyone shed s'more light or give a better example of the consequences of using or not using likeauth? Thanks, brian _______________________________________________ Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list
