[CentOS] pam_succeed_if
John Doe
jdmls at yahoo.com
Fri Jun 10 09:38:22 UTC 2011
From: Daniel De Marco <ddm at bartol.udel.edu>
> auth required pam_env.so
> auth sufficient pam_unix.so nullok try_first_pass
> auth requisite pam_succeed_if.so uid >= 500 quiet
> auth required pam_deny.so
> What's the use of the pam_succeed_if line? It will only be reached if
> the pam_unix doesn't succeed and from my understanding it will prevent
> system accounts from logging in. Is it useless or am I missing
> something?
Pure speculation:
1. pam_unix just allows/disallows to go further in the checks.
2. succeed_if only let users accounts login
3. everything else, deny.
JD
More information about the CentOS
mailing list