On Thu, Feb 02, Christian Seberino wrote: > How come if I change "required" to "sufficient" on the pam_deny > line of common-auth file below it then allows all login attempts to > succeed!?! Because sufficent means: If the module returns PAM_SUCCESS, return with success, else ignore. If you have only sufficient modules, there is no failed. Thorsten -- Thorsten Kukuk http://www.suse.de/~kukuk/ kukuk@xxxxxxx SUSE LINUX Products GmbH Maxfeldstr. 5 D-90409 Nuernberg -------------------------------------------------------------------- Key fingerprint = A368 676B 5E1B 3E46 CFCE 2D97 F8FD 4E23 56C6 FB4B _______________________________________________ Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list