On Fri, Nov 23, Andrew Morgan wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > If you don't include any path, do you get the right behavior anyway? > > auth required pam_deny.so Yes, this is the best solution, don't use a path at all. But some distributions think (thought?) that not using the full path could be a security risk. I prefer to only specify the module without path. Thorsten > Cheers > > Andrew > > Thorsten Kukuk wrote: > > On Fri, Nov 23, liuruihong wrote: > > > >> /etc/pam.d/other > >> > >> #%PAM-1.0 > >> > >> auth required /lib/security/$ISA/pam_deny.so > >> > >> account required /lib/security/$ISA/pam_deny.so > >> > >> password required /lib/security/$ISA/pam_deny.so > >> > >> session required /lib/security/$ISA/pam_deny.so > >> > >> > >> > >> what does the "$ISA" mean? > > > > That's for 'biarch' systems, so that you can use a full > > path to the modules for 32bit and 64bit. > > > > For example, on such a system a 32bit application would > > translate $ISA to ".", a 64bit application to "../../lib64/security" > > > > Thorsten > > > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.7 (Darwin) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org > > iD8DBQFHRz0C+bHCR3gb8jsRAij6AKCabAcsFhGaEoioXwp7c/97apXitgCgsKun > A4FJUAjDwN8LxV4CXO2IJEA= > =NuBm > -----END PGP SIGNATURE----- > > _______________________________________________ > Pam-list mailing list > Pam-list@xxxxxxxxxx > https://www.redhat.com/mailman/listinfo/pam-list -- Thorsten Kukuk, Project Manager/Release Manager SLES SUSE LINUX Products GmbH, Maxfeldstr. 5, D-90409 Nuernberg GF: Markus Rex, HRB 16746 (AG Nuernberg) _______________________________________________ Pam-list mailing list Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list
