-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Jan Engelhardt wrote: >> You might try something like this: >> >> auth [success=1 default=ignore] pam_ldap.so >> auth sufficient pam_unix2.so >> auth required some_other_pam.so > > Aw, sorry I think I made a mistake here. One of pam_ldap and pam_unix2 > must succeed, so probably should have been: In that case something like: auth [success=2 default=ignore] pam_ldap.so auth [success=1 default=ignore] pam_unix2.so auth requisite pam_fail.so auth required some_other_pam.so > auth requisite stackme > auth required other > > --auth sufficient pam_ldap.so > --auth required pam_unix2.so > > I am not sure what [success=1] means since usually, the value after the '=' is > supposed to be ignore/bad/die/ok/done/reset. [From http://www.kernel.org/pub/linux/libs/pam/Linux-PAM-html/sag-configuration-file.html The last of these, default, implies 'all valueN's not mentioned explicitly. Note, the full list of PAM errors is available in /usr/include/security/_pam_types.h. The actionN can be: an unsigned integer, n, signifying an action of 'jump over the next n modules in the stack', or take one of the following forms: ] Cheers Andrew -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.6 (GNU/Linux) iD8DBQFG0fgIQheEq9QabfIRAnyTAJ90l3rnwpx9ip1YAFhI7gWdwWfdggCeLf1k zCjZaLvytdo/b3tNet/dJ2s= =EXam -----END PGP SIGNATURE----- _______________________________________________ Pam-list mailing list Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list
