Sorry if I wasn't clear. I meant pam_unix.so *assuming* it was on a "sufficient" line. It is still weird that _failing_ a "sufficient" doesn't ruin authentication like failing a "required" does. cs On Tue, 2006-02-07 at 07:25 +0100, Thorsten Kukuk wrote: > On Mon, Feb 06, Christian Seberino wrote: > > > Thorsten > > > > Thanks! Wow so pam_unix.so NEVER returns a failure code? > > As you said, it either returns a success code or else return > > code is *ignored*?!?! > > Read again. I said nothing about pam_unix.so, I spoke about "sufficent". > > > On Fri, 2006-02-03 at 07:10 +0100, Thorsten Kukuk wrote: > > > On Thu, Feb 02, Christian Seberino wrote: > > > > > > > How come if I change "required" to "sufficient" on the pam_deny > > > > line of common-auth file below it then allows all login attempts to > > > > succeed!?! > > > > > > Because sufficent means: If the module returns PAM_SUCCESS, return > > > with success, else ignore. If you have only sufficient modules, there > > > is no failed. > > > > > > Thorsten > > > > > > > > > > _______________________________________________ > > > > Pam-list@xxxxxxxxxx > > https://www.redhat.com/mailman/listinfo/pam-list > -- _______________________________________ Christian Seberino, Ph.D. SPAWAR Systems Center San Diego Code 2872 49258 Mills Street, Room 158 San Diego, CA 92152-5385 U.S.A. Phone: (619) 553-9973 Fax : (619) 553-0804 Email: seberino@xxxxxxxxxxxxxxx _______________________________________
Attachment:
signature.asc
Description: This is a digitally signed message part
_______________________________________________ Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list
