Re: Querry regarding use of pam_succeed_if.so

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, 2011-07-07 at 06:21 +0000, neel.gurjar@xxxxxxxxx wrote: 
> Hi,
>  
> I am studying PAM.
>  
> I understood upto “auth sufficient pam_unix.so.”. If credentials are ok then authentication will be successful. And it wont load any other module.
> But then why pam_succeed_if.so is there? I just did some work on it, I found it is only useful when pam_deny is disable.

These lines are added by authconfig on Fedora and RHEL systems. They are
not much useful (but harmless) unless there are additional network-based
authentication modules after them. There can be pam_ldap, pam_sss,
pam_krb5 etc. These provide authentication against network servers and
it is common requirement that the system accounts (uid<500) should not
be authenticated against the network servers.
-- 
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
                                              Turkish proverb

_______________________________________________
Pam-list mailing list
Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list



[Index of Archives]     [Fedora Users]     [Kernel]     [Red Hat Install]     [Linux for the blind]     [Gimp]

  Powered by Linux