[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Module testing

Dan Yefimov wrote:
> On Wed, 4 Jul 2007, Dan Field wrote:
>> However, in my syslog I get:
>> Jul  3 16:30:12 caywdev pam_virtua_soap[20490]: User S10523 will be
>> authenticated with password MyPassword
>> Jul  3 16:30:14 caywdev sshd[20488]: error: PAM: Authentication failure
>> for S10523 from virtualfedora3.llgc.org.uk
> [skip]
>> Oh and my /etc/pam.d/sshd looks like this:
>> #%PAM-1.0
>> auth       required     pam_stack.so service=system-auth
>> auth       required     pam_nologin.so
>> auth       sufficient   pam_virtua_soap.so
>> account    required     pam_stack.so service=system-auth
>> password   required     pam_stack.so service=system-auth
>> session    required     pam_stack.so service=system-auth
>> session    required     pam_loginuid.so
> I'd suggest you moving pam_nologin.so and pam_virtua_soap.so related lines
> in
> /etc/pam.d/sshd above the pam_stack.so line. The reason is simple: modules
> in
> the stack are called in the order they are listed. Thus pam_virtua_soap.so
> in
> your case is called after pam_stack.so whose success (according to
> /etc/pam.d/sshd) is required (read: mandatory) for the entire stack to
> succeed.
> At the same time, 'sufficient' module success stops calling rest modules
> in the
> stack.

And that has solved everything! Many thanks Dan :)

Dan Field <dof@xxxxxxxxxxx>                        Tel. +44 1970  632 582
Datblygwr Systemau                                     Systems  Developer
Llyfrgell Genedlaethol Cymru                  National Library of  Wales

Pam-list mailing list

[Index of Archives]     [Fedora Users]     [Kernel]     [Red Hat Install]     [Linux for the blind]     [Gimp]
  Powered by Linux