PAM_IGNORE flag possibly not accepted/ignored ?
Martin Richard
martin.richard at gmail.com
Wed Jun 23 15:35:16 UTC 2010
On Wed, Jun 23, 2010 at 10:50 AM, Tomas Mraz <tmraz at redhat.com> wrote:
> >
> > Is there a way for example to turn on debug info in PAM ? From the
> > point of view of the module I've verified and it should indeed be
> > returning PAM_IGNORE. If that's the case, it seems the line isn't
> > really ignore by PAM. The alternative is that something else is
> > returned by pam_radius_auth but I have no trace of it.
>
> You can replace pam_radius_auth.so with pam_debug.so auth=ignore - this
> way you could see whether the stack works fine when PAM_IGNORE is
> returned or not.
>
Oh, excellent. I did try this:
------8<-------
auth required pam_debug.so auth=ignore
auth required /lib/security/$ISA/pam_env.so
auth sufficient /lib/security/$ISA/pam_unix.so debug audit
likeauth nullok
auth required /lib/security/$ISA/pam_deny.so
auth required pam_nologin.so
------8<-------
and could logon with local info.. I'll have another look at the source of
than module then..
Thanks !
Martin
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pam-list/attachments/20100623/58ac4683/attachment.htm>
More information about the Pam-list
mailing list