[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Google
  Web www.spinics.net

Re: Per-User Authentication with Linux PAM?



Il 17/02/2010 09:49, Tomas Mraz ha scritto:
>> Maybe it is possible to user either pam_usb or pam_obc on the same user,
>> playing with the order of the configuration lines in the common-auth
>> file and/or with the "controls" ("requisite", "required", "sufficient",
>> "optional", etc.). I did not try yet...
> 
> You can use jumps in the configuration and pam_succeed_if or
> pam_listfile to do the decision. If you had more than two different auth
> stacks required, it would make the configuration really ugly, but for
> just two different stacks it would be manageable.
> 
> Example: 
> auth [success=2 default=ignore] pam_succeed_if.so user in localuser1:localuser2
> auth sufficient pam_remoteauth.so
> auth requisite pam_deny.so
> auth sufficient pam_localauth.so
> auth requisite pam_deny.so
> 
> The success=2 tells the libpam to skip the next two modules if the user
> is not in the local user list (the user is not localuser1 or
> localuser2).

Hi Tomas,
many thanks for your suggestion. It looks like it can solve my problem.
I just have a small doubt...

Did you actually mean: "The success=2 tells the libpam to skip the next
two modules if the user is /in/ the local user list (the user is
/either/ localuser1 /or/ localuser2)."

Apparently, if the user is a localuser, then PAM should perform the
pam_localauth authentication. Am I wrong?

Thanks again
-- 

Alessandro Bottoni
Website: http://www.alessandrobottoni.it/

"Beauty is a form of genius - is higher, indeed, than genius, as it
needs no explanation."
     -- Oscar Wilde

_______________________________________________
Pam-list mailing list
Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list

[Fedora Users]     [Kernel]     [Red Hat Install]     [Linux for the blind]     [Gimp]

Add to Google Powered by Linux