Timeline for How to create a conditional PAM entry
Current License: CC BY-SA 4.0
10 events
| when toggle format | what | by | license | comment | |
|---|---|---|---|---|---|
| Jul 2, 2018 at 16:17 | vote | accept | Luke Pafford | ||
| Jul 1, 2018 at 13:31 | history | edited | Jeff Schaller♦ | CC BY-SA 4.0 | typo fixes |
| Jun 29, 2018 at 17:23 | answer | added | Luke Pafford | timeline score: 3 | |
| Jun 29, 2018 at 8:26 | history | tweeted | twitter.com/StackUnix/status/1012613341406224384 | ||
| Jun 29, 2018 at 5:58 | comment | added | Tim Siegel | It might help to use auth [success=1] pam_debug.so auth=auth_err, instead of ... pam_exec.so .... And verify that it's failing as it should, so you know the stack is configured right. | |
| Jun 29, 2018 at 5:18 | answer | added | Tim Siegel | timeline score: 5 | |
| Jun 29, 2018 at 4:55 | comment | added | Luke Pafford | That is exactly the interpretation I had too. Unfortunately, that isn't the case. I even tried to return all exit codes that pam_exec claims to return: 4 (PAM_SYSTEM_ERR), 3 (PAM_SERVICE_ERR), and 25 (PAM_IGNORE) in my script. In the pam module, I tried catching all 30 different PAM status codes, and the only status code that impacted the behavior was PAM_SUCCESS. The pam_exec.so module should really be written to explain that it fires off a script, and will always return success regardless of whatever exit code the script returns | |
| Jun 29, 2018 at 1:45 | comment | added | Tim Siegel | My reading of pam_exec.c is that it will return PAM_SYSTEM_ERR when the script returns non-zero. Maybe you can double-check that method again. | |
| Jun 28, 2018 at 23:27 | history | edited | Luke Pafford | CC BY-SA 4.0 | added 755 characters in body |
| Jun 28, 2018 at 23:05 | history | asked | Luke Pafford | CC BY-SA 4.0 |