[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: PAM behavior question



Adam Slattery wrote:
> 
> > > modules are successful, auth will fail. If I try this under Linux, and I
> > > enter
> > > a bad password, or none at all, the optional nature of the auth line
> lets
> > > you
> > > drop right into a shell, ouch. Basically I want 'required' behavior with
> > > 'optional' symantics.
> >
> > Could you give a sample configuration that gives this particular
> > behavior? As you describe it, its not at all doing the right thing and
> > given the example config, I would like to fix it!
> >
> > Thanks
> > Andrew
> 
> erm. he figured it out. he was using optional instead of sufficient.  As for

Yes, I read the email and the response. But his email said something to
the effect that a stack of things that only contained 'optional' stuff
would 'drop right into a shell', which I don't want to believe is true.
And that is why I want to see an example of this behavior. I realize
that the original problem was related to mistaking optional for
sufficient, but a stack like this:

auth optional pam_x.so
auth optional pam_y.so

should default to failing when pam_x and pam_y both return a failure. If
this is not the case then it represents a bug.

Cheers

Andrew





[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []