On Wed, 2010-02-17 at 11:17 +0100, Alessandro Bottoni wrote: > Il 17/02/2010 09:49, Tomas Mraz ha scritto: > >> Maybe it is possible to user either pam_usb or pam_obc on the same user, > >> playing with the order of the configuration lines in the common-auth > >> file and/or with the "controls" ("requisite", "required", "sufficient", > >> "optional", etc.). I did not try yet... > > > > You can use jumps in the configuration and pam_succeed_if or > > pam_listfile to do the decision. If you had more than two different auth > > stacks required, it would make the configuration really ugly, but for > > just two different stacks it would be manageable. > > > > Example: > > auth [success=2 default=ignore] pam_succeed_if.so user in localuser1:localuser2 > > auth sufficient pam_remoteauth.so > > auth requisite pam_deny.so > > auth sufficient pam_localauth.so > > auth requisite pam_deny.so > > > > The success=2 tells the libpam to skip the next two modules if the user > > is not in the local user list (the user is not localuser1 or > > localuser2). > > Hi Tomas, > many thanks for your suggestion. It looks like it can solve my problem. > I just have a small doubt... > > Did you actually mean: "The success=2 tells the libpam to skip the next > two modules if the user is /in/ the local user list (the user is > /either/ localuser1 /or/ localuser2)." Yes, my typo. > Apparently, if the user is a localuser, then PAM should perform the > pam_localauth authentication. Am I wrong? No, you're right. -- Tomas Mraz No matter how far down the wrong road you've gone, turn back. Turkish proverb _______________________________________________ Pam-list mailing list Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list