About pam_access
Thorsten Kukuk
kukuk at suse.de
Thu May 5 18:50:47 UTC 2011
On Thu, May 05, Александр Берсенев wrote:
> Hello,
> in pam_access.c function pam_sm_setcred always returning PAM_IGNORE,
> but in "man pam_sm_setcred" PAM_IGNORE is not in the list of possible
> return values.
>
> This behavior gives us some unpredictable results while we using this
> pam module. Should it be better to always return PAM_SUCCESS like in
> pam_rhosts.c?
>
Why does this give you some unpredictable results? Are you calling
PAM modules directly from your application? In general, a PAM module
can more or less always return what it likes. The manual page is only
a good catch of the most common return values, not that no other are
allowed.
Thorsten
--
Thorsten Kukuk, Project Manager/Release Manager SLES
SUSE LINUX Products GmbH, Maxfeldstr. 5, D-90409 Nuernberg
GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB 16746 (AG Nürnberg)
More information about the Pam-list
mailing list