confused about "sufficient" vs. "required"
Christian Seberino
seberino at spawar.navy.mil
Fri Feb 3 01:38:27 UTC 2006
Tomas
Thanks so much for your emails! onerr=success fixed screensaver on
Debian from pam_tally problem! I am so grateful for your help!
I sent the following email to pam list. I was hoping you could
take a look at it if you don't mind.
Sincerely,
Chris
------
How come if I change "required" to "sufficient" on the pam_deny
line of common-auth file below it then allows all login attempts to
succeed!?!
It doesn't even care what password is typed!???
[/etc/pam.d] # more common-account common-auth common-password
::::::::::::::
common-account
::::::::::::::
account required pam_tally.so
account sufficient pam_unix.so
account sufficient pam_deny.so
::::::::::::::
common-auth
::::::::::::::
auth required pam_env.so
auth required pam_tally.so deny=5 unlock_time=900 onerr=succeed
auth sufficient pam_unix.so
auth required pam_deny.so
::::::::::::::
common-password
::::::::::::::
password required pam_cracklib.so retry=3 minlen=12 difok=4
password sufficient pam_unix.so md5
password sufficient pam_deny.so
Chris
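Why the changed common-auth stack accepts any password, shown with a simplified model of how Linux-PAM combines "required" and "sufficient" results. This is an added example, not part of the original post; the function names are illustrative and the per-module outcomes passed in are constructed assumptions.

```python
# Added example: simplified model of Linux-PAM stack evaluation.
# Only "required" and "sufficient" are modelled; module outcomes are supplied
# by the caller as assumptions (True = module returned success).

COMMON_AUTH = [            # the auth stack as posted
    ("required", "pam_env"),
    ("required", "pam_tally"),
    ("sufficient", "pam_unix"),
    ("required", "pam_deny"),
]
# Same stack with the pam_deny line changed to "sufficient".
COMMON_AUTH_CHANGED = COMMON_AUTH[:3] + [("sufficient", "pam_deny")]


def evaluate_stack(stack, outcomes):
    """Return True if the stack as a whole succeeds."""
    required_failed = False   # a failed "required" module dooms the stack
    any_success = False       # at least one module must actually succeed
    for control, module in stack:
        ok = outcomes[module]
        if control == "required":
            if ok:
                any_success = True
            else:
                required_failed = True   # remembered; later modules still run
        elif control == "sufficient":
            if ok and not required_failed:
                return True              # success ends the stack at once
            # a failing "sufficient" module is ignored, not counted as a failure
        else:
            raise ValueError(f"control flag not modelled: {control}")
    return any_success and not required_failed


def outcomes_for(password_ok, tally_ok=True):
    """Constructed module results: pam_deny always fails, pam_env succeeds."""
    return {"pam_env": True, "pam_tally": tally_ok,
            "pam_unix": password_ok, "pam_deny": False}


if __name__ == "__main__":
    for name, stack in (("posted", COMMON_AUTH), ("changed", COMMON_AUTH_CHANGED)):
        for password_ok in (True, False):
            result = evaluate_stack(stack, outcomes_for(password_ok))
            print(f"{name:8} password_ok={password_ok!s:5} -> "
                  f"{'success' if result else 'failure'}")
```

With pam_deny marked "sufficient", its failure is ignored just like a pam_unix failure, so the result rests on pam_env and pam_tally alone. Keeping pam_deny "required" is what turns a pam_unix failure into a failed login.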