> Dag-Erling Smorgrav <[EMAIL PROTECTED]> writes: > > In any case, if I understand what you're trying to do, it can be done > > by returning PAM_SUCCESS if OPIE authentication succeeded, PAM_IGNORE > > if it failed but Unix authentication is still allowed, and > > PAM_AUTH_ERR if OPIE failed and Unix authentication is *not* allowed. > > In that case, if you mark pam_opie "sufficient", pam_unix will run > > only if OPIE authentication failed but allowed Unix authentication to > > proceed. > > Hmm, actually, that won't do. I need to think this over some more.
The usual route is YES or NO, with IGNORE reserved for modules which have no authentication (like say, pam_motd, which prints /etc/motd during the pam_session_open() phase). IGNORE may have other uses, but I can't remember them offhand. M -- o Mark Murray \_ FreeBSD Services Limited O.\_ Warning: this .sig is umop ap!sdn To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-current" in the body of the message
