On Thu, 2011-07-07 at 06:21 +0000, neel.gurjar@xxxxxxxxx wrote:
> Hi,
>
> I am studying PAM.
>
> I understood upto “auth sufficient pam_unix.so.”. If credentials are ok then authentication will be successful. And it wont load any other module.
> But then why pam_succeed_if.so is there? I just did some work on it, I found it is only useful when pam_deny is disable.
These lines are added by authconfig on Fedora and RHEL systems. They are
not much useful (but harmless) unless there are additional network-based
authentication modules after them. There can be pam_ldap, pam_sss,
pam_krb5 etc. These provide authentication against network servers and
it is common requirement that the system accounts (uid<500) should not
be authenticated against the network servers.
--
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
Turkish proverb
_______________________________________________
Pam-list mailing list
Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list
