Manualshelf

Service manual

ManualsBrandsCyclades ManualsComputer equipmentAccess Router Cyclades-PR1000
181182183184185186187188189190
187Appendix J Linux-PAM
Cyclades-TS Installation & Service Manual
Optional - as its name suggests, this control-flag marks the module as not being critical to the success or
failure of the users application for service. In general, Linux-PAM ignores such a module when determining
if the module stack will succeed or fail. However, in the absence of any definite successes or failures of
previous or subsequent stacked modules this module will determine the nature of the response to the
application. One example of this latter case, is when the other modules return something like PAM_IGNORE.
Newest Syntax
The more elaborate (newer) syntax is much more specific and gives the administrator a great deal of control
over how the user is authenticated. This form of the control flag is delimited with square brackets and
consists of a series of value=action tokens:
[value1=action1 value2=action2 ...]
Here, valueI is one of the following return values: success; open_err; symbol_err; service_err; system_err;
buf_err; perm_denied; auth_err; cred_insufficient; authinfo_unavail; user_unknown; maxtries;
new_authtok_reqd; acct_expired; session_err; cred_unavail; cred_expired; cred_err; no_module_data;
conv_err; authtok_err; authtok_recover_err; authtok_lock_busy; authtok_disable_aging; try_again; ignore;
abort; authtok_expired; module_unknown; bad_item; and default. The last of these (default) can be used to
set the action for those return values that are not explicitly defined.
The action can be a positive integer or one of the following tokens: ignore; ok; done; bad; die; and reset.
A positive integer - when specified as the action, can be used to indicate that the next J
modules of the current type will be skipped. In this way, the administrator can develop a moderately
sophisticated stack of modules with a number of different paths of execution. Which path is taken can be
determined by the reactions of individual modules.
Ignore - when used with a stack of modules, the modules return status will not contribute to the
return code the application obtains.