[arch-general] PAM CAllback
Matt Pallissard
matt at pallissard.net
Fri May 15 03:43:38 UTC 2020
On 2020-05-13T22:26:16 +0100, Andy Pieters wrote:
> Hi Matt
>
> On Wed, 13 May 2020 at 15:01, Andy Pieters <arch-general at andypieters.me.uk>
> wrote:
>
> >
> >
> > On Wed, 13 May 2020 at 14:53, Matt Pallissard <matt at pallissard.net> wrote:
> >
> >>
> >> On 2020-05-13T12:39:50 +0100, Andy Pieters wrote:
> >>
> >> Should be doable, skip to pam_exec.so with `success=${num lines to skip}`
> >>
> >
> Something appears to be wrong with that. As soon as I add [success=n]
> logins start failing with
>
> PAM unable to dlopen(/usr/lib/security/required):
> /usr/lib/security/required:
> cannot open shared object file: No such file or directory
>
> and
> PAM adding faulty module: /usr/lib/security/required
>
> Looking through the man pages of pam_yubico and comparing it with those of
> pam_deny and pam_succeed_if
> it seems that pam_yubico does not support the passing of [success=,
> default=] conditions...
/usr/lib/security/required doesn't look like a valid module. I'd imagine that there is a missing bracket or something in your config file.
Also, If reading `man pam.conf` is anything to go by, the success behavior handled by pam itself. The module in question should have nothing to do with it.
As an aside, this works for me with pam_krb.so.
Matt Pallissard
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 228 bytes
Desc: not available
URL: <https://lists.archlinux.org/pipermail/arch-general/attachments/20200514/a40facbd/attachment.sig>
More information about the arch-general
mailing list