pam_unix nonexistent user vs. invalid password
Tomas Mraz
tmraz at redhat.com
Wed Feb 17 13:28:59 UTC 2016
On St, 2016-02-17 at 13:53 +0100, Matus UHLAR - fantomas wrote:
> Hello,
>
> can I differ between nonexistent user and invalid password in
> pam.conf?
>
> I want invalid user to be left for next authentication module, but
> invalid
> password to be rejected, so other people can not override password I
> set for
> local users.
>
> I currently have:
>
> auth [success=2 default=ignore] pam_unix.so nullok_secure
>
> I have tried to add "auth_err=die" but that caused remot logins to be
> refused too...
Unfortunately that does not work. You can use pam_localuser before
pam_unix and jump over it for non-local users.
--
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
Turkish proverb
(You'll never know whether the road is wrong though.)
More information about the Pam-list
mailing list