why "auth sufficient pam_deny.so" accepts *ANY AND ALL* passwords!?!??
Thorsten Kukuk
kukuk at suse.de
Fri Feb 3 06:10:03 UTC 2006
On Thu, Feb 02, Christian Seberino wrote:
> How come if I change "required" to "sufficient" on the pam_deny
> line of common-auth file below it then allows all login attempts to
> succeed!?!
Because sufficent means: If the module returns PAM_SUCCESS, return
with success, else ignore. If you have only sufficient modules, there
is no failed.
Thorsten
--
Thorsten Kukuk http://www.suse.de/~kukuk/ kukuk at suse.de
SUSE LINUX Products GmbH Maxfeldstr. 5 D-90409 Nuernberg
--------------------------------------------------------------------
Key fingerprint = A368 676B 5E1B 3E46 CFCE 2D97 F8FD 4E23 56C6 FB4B
More information about the Pam-list
mailing list