How to stack PAM without pam_stack
Andrew Morgan
morgan at kernel.org
Sun Aug 26 22:00:42 UTC 2007
Jan Engelhardt wrote:
>> You might try something like this:
>>
>> auth [success=1 default=ignore] pam_ldap.so
>> auth sufficient pam_unix2.so
>> auth required some_other_pam.so
>
> Aw, sorry I think I made a mistake here. One of pam_ldap and pam_unix2
> must succeed, so probably should have been:

In that case something like:

auth [success=2 default=ignore] pam_ldap.so
auth [success=1 default=ignore] pam_unix2.so
auth requisite pam_fail.so
auth required some_other_pam.so

> auth requisite stackme
> auth required other
>
> --auth sufficient pam_ldap.so
> --auth required pam_unix2.so
>
> I am not sure what [success=1] means since usually, the value after the '=' is
> supposed to be ignore/bad/die/ok/done/reset.

[From http://www.kernel.org/pub/linux/libs/pam/Linux-PAM-html/sag-configuration-file.html:
The last of these, default, implies 'all valueN's not mentioned
explicitly. Note, the full list of PAM errors is available in
/usr/include/security/_pam_types.h. The actionN can be: an unsigned
integer, n, signifying an action of 'jump over the next n modules in
the stack', or take one of the following forms:
]
Cheers
Andrew
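
The two auth stacks from this thread, run through a simplified evaluator to show what the jump counts change. This is an added example, not part of the original message and not libpam code. It assumes each module simply succeeds or fails and that a numeric action only skips modules; `parse`, `authenticate`, `FIRST_TRY` and `CORRECTED` are names made up here.

```python
# Simplified model of PAM auth-stack evaluation (added illustration, not libpam).
# Assumptions: a module either succeeds or fails, and a numeric action only
# skips modules without contributing to the verdict itself.
KEYWORDS = {  # bracket equivalents of the keywords, reduced to success/default
    "required":   {"success": "ok",   "default": "bad"},
    "requisite":  {"success": "ok",   "default": "die"},
    "sufficient": {"success": "done", "default": "ignore"},
}

def parse(text):
    """Turn 'auth <control> <module>' lines into (actions, module) pairs."""
    stack = []
    for line in text.strip().splitlines():
        rest = line.split(None, 1)[1]              # drop the 'auth' type field
        if rest.startswith("["):
            ctrl, module = rest[1:].split("]", 1)
            actions = dict(kv.split("=") for kv in ctrl.split())
        else:
            ctrl, module = rest.split(None, 1)
            actions = KEYWORDS[ctrl]
        stack.append((actions, module.strip()))
    return stack

def authenticate(stack, passing):
    """True if the stack grants access when only modules in `passing` succeed."""
    verdict, i = None, 0                           # None: nothing has voted yet
    while i < len(stack):
        actions, module = stack[i]
        action = actions["success" if module in passing else "default"]
        i += 1
        if action.isdigit():
            i += int(action)                       # jump over the next n modules
        elif action in ("ok", "done"):
            verdict = True if verdict is None else verdict
            if action == "done" and verdict:
                break                              # sufficient: stop here
        elif action in ("bad", "die"):
            verdict = False
            if action == "die":
                break                              # requisite: stop here
    return verdict is True

FIRST_TRY = parse("""auth [success=1 default=ignore] pam_ldap.so
auth sufficient pam_unix2.so
auth required some_other_pam.so""")
CORRECTED = parse("""auth [success=2 default=ignore] pam_ldap.so
auth [success=1 default=ignore] pam_unix2.so
auth requisite pam_fail.so
auth required some_other_pam.so""")
```

In this model the first stack grants access when only some_other_pam.so succeeds, or when only pam_unix2.so succeeds; the corrected stack grants access only when pam_ldap.so or pam_unix2.so succeeds and some_other_pam.so succeeds as well.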