PAM rules inside pam.d
Ivan Grover
ivangrvr299 at gmail.com
Tue Feb 24 08:06:53 PST 2009
Hi All,
I had PAM rules for my own service as below:
auth required /lib/security/pam_securetty.so
auth required /lib/security/pam_stack.so service=system-auth
auth required /lib/security/pam_deny.so
This used to work properly in my older PAM libraries.
For successfull authentication, it used to return from pam_stack.so as
system-auth has sufficient in its rules as below and it doesnt pass below
the stack to pam_deny.so
auth required /lib/security/$ISA/pam_env.so
auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok
auth required /lib/security/$ISA/pam_deny.so
Now, after upgrading PAM modules (pam_unix.so, pam_stack.so..) and library,
It doesnt work,
To make it work, I need to remove the last one, pam_deny.so as below.
auth required pam_stack.so service=system-auth
auth required pam_nologin.so
Can any one please let me know if you have seen similar problem.
Any suggestions/comments, please advice.
More information about the freebsd-security
mailing list