From ArchWiki
Jump to navigation Jump to search

Accuracy of PAM#Examples

The accuracy of PAM#Examples was discussed at the forums. I suggest to

  1. Mention that nullok inverts default behavoiur of not allowing blank passwords.
  2. Remove the claim that
- the latter being what is used for.
And state that as is, the line has no effect with this configuration due to the way pam treats an optional module.

Regid (talk) 02:05, 23 April 2019 (UTC)

Technically it's used as a fallback in case no other modules has contributed to the return code. According to manual pam_unix(8), pam_unix can return PAM_IGNORE which leaves pam_permit the only one in this stack, hence pam_permit's return code is used as the final result. This is a common practice to avoid being locked from the system accidentally.
FrederickZh (talk) 20:07, 5 January 2021 (UTC)