Il 17/02/2010 09:49, Tomas Mraz ha scritto: >> Maybe it is possible to user either pam_usb or pam_obc on the same user, >> playing with the order of the configuration lines in the common-auth >> file and/or with the "controls" ("requisite", "required", "sufficient", >> "optional", etc.). I did not try yet... > > You can use jumps in the configuration and pam_succeed_if or > pam_listfile to do the decision. If you had more than two different auth > stacks required, it would make the configuration really ugly, but for > just two different stacks it would be manageable. > > Example: > auth [success=2 default=ignore] pam_succeed_if.so user in localuser1:localuser2 > auth sufficient pam_remoteauth.so > auth requisite pam_deny.so > auth sufficient pam_localauth.so > auth requisite pam_deny.so > > The success=2 tells the libpam to skip the next two modules if the user > is not in the local user list (the user is not localuser1 or > localuser2). Hi Tomas, many thanks for your suggestion. It looks like it can solve my problem. I just have a small doubt... Did you actually mean: "The success=2 tells the libpam to skip the next two modules if the user is /in/ the local user list (the user is /either/ localuser1 /or/ localuser2)." Apparently, if the user is a localuser, then PAM should perform the pam_localauth authentication. Am I wrong? Thanks again -- Alessandro Bottoni Website: http://www.alessandrobottoni.it/ "Beauty is a form of genius - is higher, indeed, than genius, as it needs no explanation." -- Oscar Wilde _______________________________________________ Pam-list mailing list Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list