[Fwd: PAM list failure?? Please, help me]
Dan Yefimov
dan at D00M.lightwave.net.ru
Mon Feb 6 18:00:01 UTC 2006
On Mon, 6 Feb 2006, Tomas Mraz wrote:
> -------- Forwarded Message --------
> From: Carlos M.S. <cmorales at auna.com>
> To: tmraz at redhat.com
> Subject: PAM list failure?? Please, help me
> Date: Sun, 05 Feb 2006 00:18:02 +0000
>
> Hello, my name is Carlos and I suscribed to Pluggable Authentication
> Modules <pam-list at redhat.com> three days ago, but it doesn't accept my
> messages...
>
> Here are my doubts. Could you post them? Please, I've tried to do it 2
> or 3 times but without success:
>
> --------------DOUBT 1:
> Hello, I've made the following changes in my login configuration:
>
> /etc/pam.d/login
> account required pam_time.so
>
> /etc/security/time.conf
> login;*;alumno1|alumno2;!Al1430-0830
>
> But it doesn't work...
>
... since matching patterns must be separated from logic operations and from
each other with spaces (take a careful look at time.conf sample located in the
source directory for pam_time.so).
> -------------DOUBT 2:
> Please, Could you tell me which is the most secure option? required or
> requisite? It seems to be required, isn't it?
>
It isn't, since when requisite module fails, control is immediately returned to
application, contrary to required module, whose failure won't be apparent to
application until all modules in the stack are polled (look at doc/txts/pam.txt
in PAM source directory).
--
Sincerely Your, Dan.
More information about the Pam-list
mailing list