Re: PAM Configuration

To: debian-user@lists.debian.org
Subject: Re: PAM Configuration
From: Christoph Pleger <christoph.pleger@cs.uni-dortmund.de>
Date: Fri, 14 Feb 2020 16:57:41 +0100
Message-id: <[🔎] 9980e05601d6e2200752bc0a54e342ee@cs.uni-dortmund.de>
In-reply-to: <[🔎] bbe6e5d8cda7dbe6f1b2fd64d38c8ba2@cs.uni-dortmund.de>
References: <[🔎] bbe6e5d8cda7dbe6f1b2fd64d38c8ba2@cs.uni-dortmund.de>

Hello,

On 2020-02-14 13:25, Christoph Pleger wrote:

auth [success=2 default=ignore] pam_p11.so/usr/local/lib/libcvP11.so


# here are the per-package modules (the "Primary" block)
auth    [success=1 default=ignore]      pam_unix.so nullok_secure
# here's the fallback if no module succeeds
auth    requisite                       pam_deny.so

# prime the stack with a positive return value if there isn't onealready;# this avoids us returning an error just because nothing sets a successcode

# since the modules above will each just jump around
auth    required                        pam_permit.so
# and here are more per-package modules (the "Additional" block)
auth    optional                        pam_group.so
auth    optional                        pam_cap.so
# end of pam-auth-update config

The question here is, why the application at all gets knowledge aboutsome failed PAM module, should it not just get the final result from thecomplete PAM stack, which is PAM_SUCCESS in this case?


Regards
  Christoph

Reply to:

References:
- PAM Configuration
  - From: Christoph Pleger <christoph.pleger@cs.uni-dortmund.de>

Prev by Date: Re: Do one thing. Do it right.
Next by Date: help with gitlab on buster
Previous by thread: Re: PAM Configuration
Next by thread: Do one thing. Do it right.
Index(es):
- Date
- Thread