[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: yet more pam config file questions



On Tue, 25 Jun 2002, Nalin Dahyabhai wrote:

> On Tue, Jun 25, 2002 at 04:56:02PM -0400, Robert P. J. Day wrote:
> > ok, i think i see why that is.  according to the docs, the only time
> > something with a control flag of "optional" is necessary for 
> > authentication is if *no* *other* module of that module type
> > has either succeeded or failed.  if the pam_xauth.so was the
> > only "session" module type and it failed, that would mean an
> > overall failure.  so putting in the session permit line just
> > guarantees that, even if pam_xauth.so failed, you'd still get
> > an overall success.  is that how it works?
> > 
> > in that case, though, why is there a single permit line for
> > the "account" module type?  the same logic surely doesn't hold
> > here.  so i'm still a mite confused.
> 
> The return values for stacks without any "required" or "requisite"
> modules isn't defined IIRC (I *think* it's implementation-specific).
> Requiring pam_permit.so removes that ambiguity.

ah, so if a "stack" is defined as all entries with the same module
type, then either a stack with a single "optional" entry, or a
totally empty stack, would have this undefined behaviour.
am i reading that correctly?

rday






[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []