Accuracy of PAM#Examples
- Mention that nullok inverts pam_unix.so default behavoiur of not allowing blank passwords.
- Remove the claim that
- - the latter being what pam_permit.so is used for.
- And state that as is, the pam_permit.so line has no effect with this configuration due to the way pam treats an optional module.
- Technically it's used as a fallback in case no other modules has contributed to the return code. According to manual
pam_permitthe only one in this stack, hence
pam_permit's return code is used as the final result. This is a common practice to avoid being locked from the system accidentally.
- FrederickZh (talk) 20:07, 5 January 2021 (UTC)
- Good point to discuss. The purpose of PAM#Examples was, as it says with reference to the warning, to illustrate how an single erroneous change (of switching required and optional) can havoc the stack. For that it referenced it default pambase, which was later updated in 08/2021. Explaining how and when nullok takes effect and when pam_permit applies, was not necessary to show the point (and both would have required deeper dive, yes). Since, the stack and login.defs have changed more; the example does not work anymore. A simple example following current system-auth (to follow the section) would be best, because we don't want users locking themselves out when they try it. Ideas how to update it?
- --Indigo (talk) 18:15, 26 May 2022 (UTC)
The quote of the begging of the article points to a dead link. I suggest to:
- Check if this summary about the project quoted is still valid in the current version
- If it is, update the link
- If it is not, insert a new quote and update the link for evidence
- It looks like they took down their site and just made it redirect to GitHub, some time in the past year. The same info is conveyed in the full RFC, but its hardly as brief as the FAQ. I've replaced it with an archive.org link for now; I dunno if upstream plans on making the site available again though. -- CodingKoopa (talk) 19:04, 16 August 2022 (UTC)