On Thu, 2011-07-07 at 06:21 +0000, neel.gurjar@xxxxxxxxx wrote: > Hi, > > I am studying PAM. > > I understood upto “auth sufficient pam_unix.so.”. If credentials are ok then authentication will be successful. And it wont load any other module. > But then why pam_succeed_if.so is there? I just did some work on it, I found it is only useful when pam_deny is disable. These lines are added by authconfig on Fedora and RHEL systems. They are not much useful (but harmless) unless there are additional network-based authentication modules after them. There can be pam_ldap, pam_sss, pam_krb5 etc. These provide authentication against network servers and it is common requirement that the system accounts (uid<500) should not be authenticated against the network servers. -- Tomas Mraz No matter how far down the wrong road you've gone, turn back. Turkish proverb _______________________________________________ Pam-list mailing list Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list