On 2020-05-13T22:26:16 +0100, Andy Pieters wrote:
Hi Matt
On Wed, 13 May 2020 at 15:01, Andy Pieters <arch-general@andypieters.me.uk> wrote:
On Wed, 13 May 2020 at 14:53, Matt Pallissard <matt@pallissard.net> wrote:
On 2020-05-13T12:39:50 +0100, Andy Pieters wrote:
Should be doable, skip to pam_exec.so with `success=${num lines to skip}`
Something appears to be wrong with that. As soon as I add [success=n] logins start failing with
PAM unable to dlopen(/usr/lib/security/required): /usr/lib/security/required: cannot open shared object file: No such file or directory
and PAM adding faulty module: /usr/lib/security/required
Looking through the man pages of pam_yubico and comparing it with those of pam_deny and pam_succeed_if it seems that pam_yubico does not support the passing of [success=, default=] conditions...
/usr/lib/security/required doesn't look like a valid module. I'd imagine that there is a missing bracket or something in your config file. Also, If reading `man pam.conf` is anything to go by, the success behavior handled by pam itself. The module in question should have nothing to do with it. As an aside, this works for me with pam_krb.so. Matt Pallissard