Talk:PAM

From ArchWiki
Jump to navigation Jump to search

Accuracy of PAM#Examples

The accuracy of PAM#Examples was discussed at the forums. I suggest to

  1. Mention that nullok inverts pam_unix.so default behavoiur of not allowing blank passwords.
  2. Remove the claim that
- the latter being what pam_permit.so is used for.
And state that as is, the pam_permit.so line has no effect with this configuration due to the way pam treats an optional module.

Regid (talk) 02:05, 23 April 2019 (UTC)

Technically it's used as a fallback in case no other modules has contributed to the return code. According to manual pam_unix(8), pam_unix can return PAM_IGNORE which leaves pam_permit the only one in this stack, hence pam_permit's return code is used as the final result. This is a common practice to avoid being locked from the system accidentally.
FrederickZh (talk) 20:07, 5 January 2021 (UTC)