why "auth sufficient pam_deny.so" accepts ANY AND ALL passwords!?!??

Mon Feb 6 20:40:32 UTC 2006

Thorsten

Thanks! Wow so pam_unix.so NEVER returns a failure code?
As you said, it either returns a success code or else return
code is *ignored*?!?!

chris

On Fri, 2006-02-03 at 07:10 +0100, Thorsten Kukuk wrote:
> On Thu, Feb 02, Christian Seberino wrote:
> 
> > How come if I change "required" to "sufficient" on the pam_deny
> > line of common-auth file below it then allows all login attempts to
> > succeed!?!
> 
> Because sufficent means: If the module returns PAM_SUCCESS, return
> with success, else ignore. If you have only sufficient modules, there
> is no failed.
> 
>   Thorsten
> 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 481 bytes
Desc: This is a digitally signed message part
URL: <http://listman.redhat.com/archives/pam-list/attachments/20060206/62f82744/attachment.sig>

why "auth sufficient pam_deny.so" accepts *ANY AND ALL* passwords!?!??

why "auth sufficient pam_deny.so" accepts ANY AND ALL passwords!?!??