Hi, The default system-auth file for PAM on CentOS has the following auth section: auth required pam_env.so auth sufficient pam_unix.so nullok try_first_pass auth requisite pam_succeed_if.so uid >= 500 quiet auth required pam_deny.so What's the use of the pam_succeed_if line? It will only be reached if the pam_unix doesn't succeed and from my understanding it will prevent system accounts from logging in. Is it useless or am I missing something? Thanks, Daniel.
From: Daniel De Marco <ddm at bartol.udel.edu>> auth? ? ? ? required? ? ? pam_env.so > auth? ? ? ? sufficient? ? pam_unix.so nullok try_first_pass > auth? ? ? ? requisite? ? pam_succeed_if.so uid >= 500 quiet > auth? ? ? ? required? ? ? pam_deny.so > What's the use of the pam_succeed_if line? It will only be reached if > the pam_unix doesn't succeed and from my understanding it will prevent > system accounts from logging in. Is it useless or am I missing > something?Pure speculation: 1. pam_unix just allows/disallows to go further in the checks. 2. succeed_if only let users accounts login 3. everything else, deny. JD