Dan Yefimov wrote: > On Wed, 4 Jul 2007, Dan Field wrote: > >> However, in my syslog I get: >> >> Jul 3 16:30:12 caywdev pam_virtua_soap[20490]: User S10523 will be >> authenticated with password MyPassword >> Jul 3 16:30:14 caywdev sshd[20488]: error: PAM: Authentication failure >> for S10523 from virtualfedora3.llgc.org.uk >> > > [skip] > >> Oh and my /etc/pam.d/sshd looks like this: >> >> #%PAM-1.0 >> auth required pam_stack.so service=system-auth >> auth required pam_nologin.so >> auth sufficient pam_virtua_soap.so >> account required pam_stack.so service=system-auth >> password required pam_stack.so service=system-auth >> session required pam_stack.so service=system-auth >> session required pam_loginuid.so >> > I'd suggest you moving pam_nologin.so and pam_virtua_soap.so related lines > in > /etc/pam.d/sshd above the pam_stack.so line. The reason is simple: modules > in > the stack are called in the order they are listed. Thus pam_virtua_soap.so > in > your case is called after pam_stack.so whose success (according to > /etc/pam.d/sshd) is required (read: mandatory) for the entire stack to > succeed. > At the same time, 'sufficient' module success stops calling rest modules > in the > stack. And that has solved everything! Many thanks Dan :) -- Dan Field <dof@xxxxxxxxxxx> Tel. +44 1970 632 582 Datblygwr Systemau Systems Developer Llyfrgell Genedlaethol Cymru National Library of Wales _______________________________________________ Pam-list mailing list Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list
