diff options
author | Steve Langasek <steve.langasek@ubuntu.com> | 2019-01-03 21:13:04 -0800 |
---|---|---|
committer | Steve Langasek <steve.langasek@ubuntu.com> | 2019-01-03 21:13:04 -0800 |
commit | c55c14c5c6762139ec6695d84ea0e2e917da5264 (patch) | |
tree | 9e6119760c93841b2bc3e05680ac9e4e15ae9c25 /doc | |
parent | f3c0273b7bd2d7fdcac3fe3604cedd82afc57f49 (diff) | |
parent | fc772e7236a7aea9c9c26b0be2ee6f3ed8ae444a (diff) |
New upstream version 1.1.5
Diffstat (limited to 'doc')
-rw-r--r-- | doc/man/pam.conf-syntax.xml | 17 |
1 files changed, 8 insertions, 9 deletions
diff --git a/doc/man/pam.conf-syntax.xml b/doc/man/pam.conf-syntax.xml index bea84d91..da7cfb70 100644 --- a/doc/man/pam.conf-syntax.xml +++ b/doc/man/pam.conf-syntax.xml @@ -143,7 +143,8 @@ <para> like <emphasis>required</emphasis>, however, in the case that such a module returns a failure, control is directly returned - to the application. The return value is that associated with + to the application or to the superior PAM stack. + The return value is that associated with the first required or requisite module to fail. Note, this flag can be used to protect against the possibility of a user getting the opportunity to enter a password over an unsafe medium. It is @@ -158,14 +159,12 @@ <term>sufficient</term> <listitem> <para> - success of such a module is enough to satisfy the - authentication requirements of the stack of modules (if a - prior <emphasis>required</emphasis> module has failed the - success of this one is <emphasis>ignored</emphasis>). A failure - of this module is not deemed as fatal to satisfying the - application that this type has succeeded. If the module succeeds - the PAM framework returns success to the application immediately - without trying any other modules. + if such a module succeeds and no prior <emphasis>required</emphasis> + module has failed the PAM framework returns success to + the application or to the superior PAM stack immediately without + calling any further modules in the stack. A failure of a + <emphasis>sufficient</emphasis> module is ignored and processing + of the PAM module stack continues unaffected. </para> </listitem> </varlistentry> |