why "auth sufficient pam_deny.so" accepts *ANY AND ALL* passwords!?!??

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



How come if I change "required" to "sufficient" on the pam_deny
line of common-auth file below it then allows all login attempts to
succeed!?!

It doesn't even care what password is typed!???


[/etc/pam.d] # more common-account common-auth common-password
::::::::::::::
common-account
::::::::::::::
account required        pam_tally.so
account sufficient      pam_unix.so
account sufficient      pam_deny.so
::::::::::::::
common-auth
::::::::::::::
auth    required        pam_env.so
auth    required        pam_tally.so deny=5 unlock_time=900
onerr=succeed
auth    sufficient      pam_unix.so
auth    required        pam_deny.so
::::::::::::::
common-password
::::::::::::::
password required       pam_cracklib.so retry=3 minlen=12 difok=4
password sufficient     pam_unix.so     md5
password sufficient     pam_deny.so


Chris

Attachment: signature.asc
Description: This is a digitally signed message part

_______________________________________________

Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list

[Index of Archives]     [Fedora Users]     [Kernel]     [Red Hat Install]     [Linux for the blind]     [Gimp]

  Powered by Linux