problems with "success=N" action
b a
vader90210 at gmail.com
Thu Oct 31 13:14:38 UTC 2013
I want to run a script when an authentication failure occurs. But, with the
following conf file, authenitcation always fails even when the proper
credentials are supplied.
auth [success=1 new_authtok_reqd=ok ignore=ignore default=bad]
pam_unix.so
auth optional pam_exec.so /usr/bin/log_failure
password required pam_unix.so md5
Authentication works by changing "success=1" to "success=ok", though
obviously the failure script will always run.
I tried looking through the source code of _pam_dispatch_aux and it doesn't
seem to return the first rule's return when there is no rule to jump to. If
I add another rule so there is something to jump to, everything works.
auth [success=1 new_authtok_reqd=ok ignore=ignore default=bad]
pam_unix.so
auth optional pam_exec.so /usr/bin/log_failure
auth optional pam_exec.so /usr/bin/noop
password required pam_unix.so md5
Am I doing something wrong in my conf file, trying something that shouldn't
work, or is there a problem?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pam-list/attachments/20131031/415e3073/attachment.htm>
More information about the Pam-list
mailing list