problems with "success=N" action

I want to run a script when an authentication failure occurs. But, with the following conf file, authentication always fails even when the proper credentials are supplied.

    auth       [success=1 new_authtok_reqd=ok ignore=ignore default=bad] pam_unix.so
    auth       optional     pam_exec.so  /usr/bin/log_failure
    password   required     pam_unix.so  md5

Authentication works by changing "success=1" to "success=ok", though obviously the failure script will always run.

I tried looking through the source code of _pam_dispatch_aux and it doesn't seem to return the first rule's return when there is no rule to jump to. If I add another rule so there is something to jump to, everything works.

    auth       [success=1 new_authtok_reqd=ok ignore=ignore default=bad]  pam_unix.so
    auth       optional     pam_exec.so  /usr/bin/log_failure
    auth       optional     pam_exec.so  /usr/bin/noop
    password   required     pam_unix.so  md5

Am I doing something wrong in my conf file, trying something that shouldn't work, or is there a problem? 
_______________________________________________
Pam-list mailing list
Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list
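
The behaviour reported in the post, reproduced with a simplified model of PAM stack evaluation. This is an added example, not part of the original post and not Linux-PAM code; it assumes a numeric action such as `success=1` skips modules without recording a result of its own, and the module return values are constructed.

```python
# Simplified model of PAM stack evaluation (added example, not libpam code).
# Assumption: a numeric action skips that many modules and records no result.
OPTIONAL = {"success": "ok", "new_authtok_reqd": "ok", "default": "ignore"}
UNIX_JUMP = {"success": 1, "new_authtok_reqd": "ok", "ignore": "ignore", "default": "bad"}
UNIX_OK = dict(UNIX_JUMP, success="ok")

# The two stacks from the post, plus the "success=ok" variant.
FIRST = [("pam_unix", UNIX_JUMP), ("log_failure", OPTIONAL)]
SECOND = FIRST + [("noop", OPTIONAL)]
SUCCESS_OK = [("pam_unix", UNIX_OK), ("log_failure", OPTIONAL)]

# Constructed module return values for a correct and a wrong password.
GOOD = {"pam_unix": "success", "log_failure": "success", "noop": "success"}
BAD = dict(GOOD, pam_unix="auth_err")


def run_stack(stack, returns):
    """Return (final_status, modules_run) for one pass over the auth stack."""
    impression, status, ran = None, "must_fail", []
    i = 0
    while i < len(stack):
        name, control = stack[i]
        retval = returns[name]
        ran.append(name)
        action = control.get(retval, control["default"])
        if action == "ok":
            # First positive result sets the status; a failure is never overwritten.
            if impression is None or (impression == "positive" and status == "success"):
                impression, status = "positive", retval
        elif action == "bad":
            if impression != "negative":
                impression, status = "negative", retval
        elif isinstance(action, int):
            i += action  # jump: skip modules, leave impression and status untouched
        # "ignore" contributes nothing
        i += 1
    return status, ran


if __name__ == "__main__":
    for label, stack in (("first", FIRST), ("second", SECOND), ("success=ok", SUCCESS_OK)):
        for creds, returns in (("good", GOOD), ("bad", BAD)):
            print(label, creds, *run_stack(stack, returns))
```

In this model the stack only reports success when some module after the jump records one, which is the role `/usr/bin/noop` plays in the second configuration.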
