why "auth sufficient pam_deny.so" accepts *ANY AND ALL* passwords!?!??
Thorsten Kukuk
kukuk at suse.de
Tue Feb 7 06:25:50 UTC 2006
On Mon, Feb 06, Christian Seberino wrote:
> Thorsten
>
> Thanks! Wow so pam_unix.so NEVER returns a failure code?
> As you said, it either returns a success code or else return
> code is *ignored*?!?!
Read again. I said nothing about pam_unix.so, I spoke about "sufficent".
> On Fri, 2006-02-03 at 07:10 +0100, Thorsten Kukuk wrote:
> > On Thu, Feb 02, Christian Seberino wrote:
> >
> > > How come if I change "required" to "sufficient" on the pam_deny
> > > line of common-auth file below it then allows all login attempts to
> > > succeed!?!
> >
> > Because sufficent means: If the module returns PAM_SUCCESS, return
> > with success, else ignore. If you have only sufficient modules, there
> > is no failed.
> >
> > Thorsten
> >
>
> _______________________________________________
> Pam-list mailing list
> Pam-list at redhat.com
> https://www.redhat.com/mailman/listinfo/pam-list
--
Thorsten Kukuk http://www.suse.de/~kukuk/ kukuk at suse.de
SUSE LINUX Products GmbH Maxfeldstr. 5 D-90409 Nuernberg
--------------------------------------------------------------------
Key fingerprint = A368 676B 5E1B 3E46 CFCE 2D97 F8FD 4E23 56C6 FB4B
More information about the Pam-list
mailing list