Skip to content

Commit

Permalink
Ensure we fail authentication when user auth failed
Browse files Browse the repository at this point in the history
Authd has a high priority in the PAM stack. When we don’t ignore on
purpose the authentication to pass to other modules, we should fail
immediately it.
We thus mirror requisite with still allowing the none authentication
access part to be skipped.
  • Loading branch information
didrocks committed Jul 2, 2024
1 parent e7a4bb0 commit 676de03
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions debian/pam-configs/authd.in
Original file line number Diff line number Diff line change
Expand Up @@ -4,13 +4,13 @@ Priority: 1050

Auth-Type: Primary
Auth:
[success=end default=ignore] pam_authd_exec.so @AUTHD_DAEMONS_PATH@/authd-pam
[success=end ignore=ignore default=die] pam_authd_exec.so @AUTHD_DAEMONS_PATH@/authd-pam
Account-Type: Additional
Account:
[default=ignore success=ok user_unknown=ignore] pam_authd_exec.so @AUTHD_DAEMONS_PATH@/authd-pam
Password-Type: Primary
Password:
[success=end default=ignore] pam_authd_exec.so @AUTHD_DAEMONS_PATH@/authd-pam
[success=end ignore=ignore default=die] pam_authd_exec.so @AUTHD_DAEMONS_PATH@/authd-pam
Session-Type: Additional
Session-Interactive-Only: yes
Session:
Expand Down

0 comments on commit 676de03

Please sign in to comment.