On Thu, Nov 08, 2007 at 10:06:35AM -0000, lcars wrote: > Here are the modified pam files, all the others are left untouched,
Ok, sure; in that case the "sufficient + sufficient" is not the complete stack, and the return value is controlled by the presence of other PAM modules listed in the per-service config files (/etc/pam.d/login and /etc/pam.d/gdm) which, though relevant, are not sufficient to ensure that unauthorized users don't gain access. > Btw, the decision upong ignore return code opposed to bad/die is entirely > delegated to the application, and not to pam itself. Sorry, not true. PAM_IGNORE is not a valid return value from any of the pam_* API calls according to the spec, and Linux-PAM does translate a stack result of "ignore" to a return value of PAM_PERM_DENIED before returning to the caller. -- pam configuration could use safer defaults https://bugs.launchpad.net/bugs/152912 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
