On Fri, 2006-02-03 at 07:10 +0100, Thorsten Kukuk wrote: > On Thu, Feb 02, Christian Seberino wrote: > > > How come if I change "required" to "sufficient" on the pam_deny > > line of common-auth file below it then allows all login attempts to > > succeed!?! > > Because sufficent means: If the module returns PAM_SUCCESS, return > with success, else ignore. If you have only sufficient modules, there > is no failed. Actually it's even more peculiar. The result of the stack is determined by the required modules - in your case pam_tally, which normally succeeds. If there were sufficient modules only and all of them failed the result would be a failure. -- Tomas Mraz <tmraz@xxxxxxxxxx> _______________________________________________ Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list
