diff between "include" directive and use of pam_stack.so?
Tomas Mraz
tmraz at redhat.com
Mon Oct 18 06:07:48 UTC 2010
On Sat, 2010-10-16 at 08:06 -0400, Robert P. J. Day wrote:
> perhaps just my inexperience with PAM but i'm reading an online PAM
> tutorial here:
>
> http://content.hccfl.edu/pollock/AUnix2/PAM-Help.htm
>
> and it mentions the use of the pam_stack.so module to support
> recursive(?) processing. on my centos 5.5 system, "man pam_stack"
> appears to describe it much the same way.
>
> but how does this differ from simply "include"ing another PAM config
> file? on this centos system, the entirety of the use of that module
> is:
>
> $ grep pam_stack *
> pm-hibernate:#auth required pam_stack.so service=system-auth
> pm-powersave:#auth required pam_stack.so service=system-auth
> pm-suspend:#auth required pam_stack.so service=system-auth
> pm-suspend-hybrid:#auth required pam_stack.so service=system-auth
> $
>
> and, as you can see, all of those uses are commented out. so is
> pam_stack.so even used anymore? thanks.
Thorsten already said what is the difference. In RHEL-5 the use of
pam_stack was replaced by include and the pam_stack module was
deprecated. It is no longer present in RHEL-6. Later in the upstream of
Linux-PAM a substack directive was implemented which emulates the
previous pam_stack module behavior although there are still some
differences.
--
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
Turkish proverb
More information about the Pam-list
mailing list