[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Querry regarding use of pam_succeed_if.so



On Thu, 2011-07-07 at 06:21 +0000, neel gurjar gmail com wrote: 
> Hi,
>  
> I am studying PAM.
>  
> I understood upto “auth sufficient pam_unix.so.”. If credentials are ok then authentication will be successful. And it wont load any other module.
> But then why pam_succeed_if.so is there? I just did some work on it, I found it is only useful when pam_deny is disable.

These lines are added by authconfig on Fedora and RHEL systems. They are
not much useful (but harmless) unless there are additional network-based
authentication modules after them. There can be pam_ldap, pam_sss,
pam_krb5 etc. These provide authentication against network servers and
it is common requirement that the system accounts (uid<500) should not
be authenticated against the network servers.
-- 
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
                                              Turkish proverb


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]