[PLUG] Confused about PAM configuration

Steve Dum dr.doom at frontier.com
Wed Jun 18 20:46:21 UTC 2014


the 'required' is to make the authentication always behave the same, 
i.e. if you are attempting to login as joe, but there is no user joe, if 
login quits as soon as it sees joe, you are telling the potential 
crackers that joe isn't a valid user name, don't bother with it. whereas 
if it continues and prompts for a password, it makes the cracking more 
difficult.
steve
Tyrell Jentink wrote:
> I'm trying to understand the control keywords. I understand that if a
> "required" management group fails, PAM will continue the remaining checks,
> but will ultimately return a failure; I also understand that if a
> "requisite" check fails, it will immediately return a failure. Here's my
> question: Why would I want PAM to continue checking? Why would I ever use
> "Required" instead of always using "Requisite?"
> _______________________________________________
> PLUG mailing list
> PLUG at lists.pdxlinux.org
> http://lists.pdxlinux.org/mailman/listinfo/plug
>




More information about the PLUG mailing list