[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Google
  Web www.spinics.net

Re: What does a minus sign mean in /etc/pam.d/passwd?



On Fri, 2009-10-23 at 23:58 -0700, Jonathan Ryshpan wrote: 
> The standard passwd file for Fedora-11 has a line starting with a minus
> sign:
>         $ cat /etc/pam.d/passwd
>         #%PAM-1.0
>         auth       include	system-auth
>         account    include	system-auth
>         password   substack	system-auth
>         -password   optional	pam_gnome_keyring.so
> What does this mean?
> 
> This has come up with starting gnome-keyring at login time.  
> The Gnome Project advice page:
>         http://live.gnome.org/GnomeKeyring/Pam
> recommends that to have the gnome-keyring authorized at login time, the
> passwd file should end with a line like the one at the end of this file
> (among other things), but without the minus sign.  I can't find
> documentation on this use of a minus sign.

This is new feature in libpam.

>From the pam.d(8) manual page:

       If the type value from the list above is prepended with a -
character the PAM library will not log to the system log if it is not
possible to load the module because it is missing in the system. This
can be useful especially for modules which are not always installed on
the system and are not required for correct authentication and
authorization of the login session.

-- 
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
                                              Turkish proverb

_______________________________________________
Pam-list mailing list
Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list

[Fedora Users]     [Kernel]     [Red Hat Install]     [Linux for the blind]     [Gimp]

Add to Google Powered by Linux