What does a minus sign mean in /etc/pam.d/passwd?

Tomas Mraz tmraz at redhat.com
Mon Oct 26 10:05:38 UTC 2009


On Fri, 2009-10-23 at 23:58 -0700, Jonathan Ryshpan wrote: 
> The standard passwd file for Fedora-11 has a line starting with a minus
> sign:
>         $ cat /etc/pam.d/passwd
>         #%PAM-1.0
>         auth       include	system-auth
>         account    include	system-auth
>         password   substack	system-auth
>         -password   optional	pam_gnome_keyring.so
> What does this mean?
> 
> This has come up with starting gnome-keyring at login time.  
> The Gnome Project advice page:
>         http://live.gnome.org/GnomeKeyring/Pam
> recommends that to have the gnome-keyring authorized at login time, the
> passwd file should end with a line like the one at the end of this file
> (among other things), but without the minus sign.  I can't find
> documentation on this use of a minus sign.

This is a new feature in libpam.

From the pam.d(8) manual page:

       If the type value from the list above is prepended with a -
character the PAM library will not log to the system log if it is not
possible to load the module because it is missing in the system. This
can be useful especially for modules which are not always installed on
the system and are not required for correct authentication and
authorization of the login session.

-- 
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
                                              Turkish proverb
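
An added example, not part of the original message or of libpam: a small Python audit that parses a pam.d service file, recognises the `-` prefix described in the manual page excerpt, and reports whether each referenced module is present and, if it is missing, whether the failure to load it would be logged. The module directories are assumptions (they differ between distributions), and backslash line continuations are not handled.

```python
import os
import re

# The file quoted in the message above (Fedora 11 /etc/pam.d/passwd).
SAMPLE = """\
#%PAM-1.0
auth       include   system-auth
account    include   system-auth
password   substack  system-auth
-password  optional  pam_gnome_keyring.so
"""

# [-]type  control (plain word or [bracketed list])  module-path
RULE = re.compile(
    r"^(-?)(auth|account|password|session)\s+(\[[^\]]*\]|\S+)\s+(\S+)")

def parse_pam_line(line):
    """Return (silent, type, control, module), or None for blank/comment lines."""
    line = line.split("#", 1)[0].strip()
    if not line:
        return None
    m = RULE.match(line)
    if m is None:
        raise ValueError("unrecognised PAM rule: %r" % line)
    return (bool(m.group(1)), m.group(2), m.group(3), m.group(4))

def audit(text, module_dirs):
    """List (type, module, status) for every rule that loads a module."""
    findings = []
    for raw in text.splitlines():
        rule = parse_pam_line(raw)
        if rule is None:
            continue
        silent, mtype, control, module = rule
        if control in ("include", "substack"):
            continue  # the argument names another service file, not a module
        paths = [module] if os.path.isabs(module) else [
            os.path.join(d, module) for d in module_dirs]
        if any(os.path.exists(p) for p in paths):
            status = "present"
        else:
            status = "missing-silent" if silent else "missing-logged"
        findings.append((mtype, module, status))
    return findings

if __name__ == "__main__":
    # Assumed module directories; adjust for the distribution being audited.
    for finding in audit(SAMPLE, ["/lib64/security", "/usr/lib64/security", "/lib/security"]):
        print(finding)
```

A `missing-silent` result marks a stack entry that currently does nothing and leaves no trace in the system log, which is worth knowing when reviewing what a PAM stack actually enforces.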



