On Tue, Feb 07, Christian Seberino wrote: > Sorry if I wasn't clear. I meant pam_unix.so *assuming* it > was on a "sufficient" line. > > It is still weird that _failing_ a "sufficient" doesn't > ruin authentication like failing a "required" does. If failing a "sufficient" does ruin authentication like failing a "required" does, we would not need it. You need it this way if you have to stack different services. Thorsten > On Tue, 2006-02-07 at 07:25 +0100, Thorsten Kukuk wrote: > > On Mon, Feb 06, Christian Seberino wrote: > > > > > Thorsten > > > > > > Thanks! Wow so pam_unix.so NEVER returns a failure code? > > > As you said, it either returns a success code or else return > > > code is *ignored*?!?! > > > > Read again. I said nothing about pam_unix.so, I spoke about "sufficent". > > > > > On Fri, 2006-02-03 at 07:10 +0100, Thorsten Kukuk wrote: > > > > On Thu, Feb 02, Christian Seberino wrote: > > > > > > > > > How come if I change "required" to "sufficient" on the pam_deny > > > > > line of common-auth file below it then allows all login attempts to > > > > > succeed!?! > > > > > > > > Because sufficent means: If the module returns PAM_SUCCESS, return > > > > with success, else ignore. If you have only sufficient modules, there > > > > is no failed. > > > > > > > > Thorsten > > > > > > > > > > > > > > > > _______________________________________________ > > > > > > Pam-list@xxxxxxxxxx > > > https://www.redhat.com/mailman/listinfo/pam-list > > > -- > _______________________________________ > > Christian Seberino, Ph.D. > SPAWAR Systems Center San Diego > Code 2872 > 49258 Mills Street, Room 158 > San Diego, CA 92152-5385 > U.S.A. > > Phone: (619) 553-9973 > Fax : (619) 553-0804 > Email: seberino@xxxxxxxxxxxxxxx > _______________________________________ > _______________________________________________ > > Pam-list@xxxxxxxxxx > https://www.redhat.com/mailman/listinfo/pam-list -- Thorsten Kukuk http://www.suse.de/~kukuk/ kukuk@xxxxxxx SUSE LINUX Products GmbH Maxfeldstr. 5 D-90409 Nuernberg -------------------------------------------------------------------- Key fingerprint = A368 676B 5E1B 3E46 CFCE 2D97 F8FD 4E23 56C6 FB4B _______________________________________________ Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list
