How come if I change "required" to "sufficient" on the pam_deny line of common-auth file below it then allows all login attempts to succeed!?! It doesn't even care what password is typed!??? [/etc/pam.d] # more common-account common-auth common-password :::::::::::::: common-account :::::::::::::: account required pam_tally.so account sufficient pam_unix.so account sufficient pam_deny.so :::::::::::::: common-auth :::::::::::::: auth required pam_env.so auth required pam_tally.so deny=5 unlock_time=900 onerr=succeed auth sufficient pam_unix.so auth required pam_deny.so :::::::::::::: common-password :::::::::::::: password required pam_cracklib.so retry=3 minlen=12 difok=4 password sufficient pam_unix.so md5 password sufficient pam_deny.so Chris
Attachment:
signature.asc
Description: This is a digitally signed message part
_______________________________________________ Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list