Re: why "auth sufficient pam_deny.so" accepts *ANY AND ALL* passwords!?!??

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, Feb 06, Christian Seberino wrote:

> Thorsten
> 
> Thanks! Wow so pam_unix.so NEVER returns a failure code?
> As you said, it either returns a success code or else return
> code is *ignored*?!?!

Read again. I said nothing about pam_unix.so, I spoke about "sufficent".

> On Fri, 2006-02-03 at 07:10 +0100, Thorsten Kukuk wrote:
> > On Thu, Feb 02, Christian Seberino wrote:
> > 
> > > How come if I change "required" to "sufficient" on the pam_deny
> > > line of common-auth file below it then allows all login attempts to
> > > succeed!?!
> > 
> > Because sufficent means: If the module returns PAM_SUCCESS, return
> > with success, else ignore. If you have only sufficient modules, there
> > is no failed.
> > 
> >   Thorsten
> > 
> 



> _______________________________________________
> 
> Pam-list@xxxxxxxxxx
> https://www.redhat.com/mailman/listinfo/pam-list

-- 
Thorsten Kukuk         http://www.suse.de/~kukuk/      kukuk@xxxxxxx
SUSE LINUX Products GmbH       Maxfeldstr. 5       D-90409 Nuernberg
--------------------------------------------------------------------    
Key fingerprint = A368 676B 5E1B 3E46 CFCE  2D97 F8FD 4E23 56C6 FB4B

_______________________________________________

Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list

[Index of Archives]     [Fedora Users]     [Kernel]     [Red Hat Install]     [Linux for the blind]     [Gimp]

  Powered by Linux