How to stack PAM without pam_stack

Andrew Morgan morgan at kernel.org
Sun Aug 26 22:00:42 UTC 2007



Jan Engelhardt wrote:
>> You might try something like this:
>>
>> auth	[success=1 default=ignore] pam_ldap.so
>> auth	sufficient	pam_unix2.so
>> auth	required	some_other_pam.so
> 
> Aw, sorry I think I made a mistake here. One of pam_ldap and pam_unix2
> must succeed, so probably should have been:

In that case something like:

 auth	[success=2 default=ignore] pam_ldap.so
 auth	[success=1 default=ignore] pam_unix2.so
 auth	requisite	pam_fail.so
 auth	required	some_other_pam.so

> 	auth	requisite	stackme
> 	auth	required	other
> 
> 	--auth	sufficient	pam_ldap.so
> 	--auth	required	pam_unix2.so
> 
> I am not sure what [success=1] means since usually, the value after the '=' is
> supposed to be ignore/bad/die/ok/done/reset.

[From
http://www.kernel.org/pub/linux/libs/pam/Linux-PAM-html/sag-configuration-file.html

 The last of these, default, implies 'all valueN's not mentioned
 explicitly. Note, the full list of PAM errors is available in
 /usr/include/security/_pam_types.h. The actionN can be: an unsigned
 integer, n, signifying an action of 'jump over the next n modules in
 the stack', or take one of the following forms:
]

Cheers

Andrew
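
The control flow of the two stacks discussed in this thread, as an added example that is not part of the original message and is not Linux-PAM code. It is a simplified Python model: each module is assumed to return only success or failure, pam_fail.so is assumed to always fail, and the names FIRST, REVISED, parse and evaluate are hypothetical.

```python
# Simplified model of PAM stack evaluation (added example, not Linux-PAM code).
# Assumption: every module returns only "success" or "fail".
KEYWORDS = {
    "required":   {"success": "ok",   "default": "bad"},
    "requisite":  {"success": "ok",   "default": "die"},
    "sufficient": {"success": "done", "default": "ignore"},
}
FIRST = """auth [success=1 default=ignore] pam_ldap.so
auth sufficient pam_unix2.so
auth required some_other_pam.so"""
REVISED = """auth [success=2 default=ignore] pam_ldap.so
auth [success=1 default=ignore] pam_unix2.so
auth requisite pam_fail.so
auth required some_other_pam.so"""

def parse(line):
    """Split 'auth <control> <module>' into (control dict, module name)."""
    rest = line.split(None, 1)[1].strip()
    if rest.startswith("["):
        spec, module = rest[1:].split("]", 1)
        control = dict(pair.split("=") for pair in spec.split())
    else:
        keyword, module = rest.split(None, 1)
        control = KEYWORDS[keyword]
    return control, module.split()[0]

def evaluate(stack, results):
    """True if the stack authenticates, given each module's result."""
    entries = [parse(line) for line in stack.splitlines()]
    verdict, i = None, 0            # None: no module has voted yet
    while i < len(entries):
        control, module = entries[i]
        action = control.get(results[module], control["default"])
        i += 1
        if action.isdigit():        # jump over the next n modules, no vote
            i += int(action)
            if i > len(entries):    # jump past the end of the stack
                return False
        elif action in ("ok", "done"):
            if verdict is None:
                verdict = True
            if action == "done" and verdict:
                return True
        elif action in ("bad", "die"):
            verdict = False
            if action == "die":
                return False
    return verdict is True          # a stack where nobody voted fails
```

In this model, FIRST still authenticates when both pam_ldap.so and pam_unix2.so fail and some_other_pam.so succeeds, while REVISED stops at the requisite line in that case.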
