why "auth sufficient pam_deny.so" accepts *ANY AND ALL* passwords!?!??
Christian Seberino
seberino at spawar.navy.mil
Fri Feb 3 01:35:42 UTC 2006
How come if I change "required" to "sufficient" on the pam_deny
line of common-auth file below it then allows all login attempts to
succeed!?!
It doesn't even care what password is typed!???
[/etc/pam.d] # more common-account common-auth common-password
::::::::::::::
common-account
::::::::::::::
account required pam_tally.so
account sufficient pam_unix.so
account sufficient pam_deny.so
::::::::::::::
common-auth
::::::::::::::
auth required pam_env.so
auth required pam_tally.so deny=5 unlock_time=900
onerr=succeed
auth sufficient pam_unix.so
auth required pam_deny.so
::::::::::::::
common-password
::::::::::::::
password required pam_cracklib.so retry=3 minlen=12 difok=4
password sufficient pam_unix.so md5
password sufficient pam_deny.so
Chris
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 481 bytes
Desc: This is a digitally signed message part
URL: <http://listman.redhat.com/archives/pam-list/attachments/20060202/6c0fc1b5/attachment.sig>
More information about the Pam-list
mailing list