Skip to content

Commit

Permalink
fix: ensure we fail authentication when user auth failed (#406)
Browse files Browse the repository at this point in the history
Authd has a high priority in the PAM stack. When we don’t ignore on
purpose the authentication to pass to other modules, we should fail
immediately it.
We thus mirror requisite with still allowing the none authentication
access part to be skipped.

UDENG-3413
  • Loading branch information
didrocks authored Jul 2, 2024
2 parents e7a4bb0 + 676de03 commit d3d60d3
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions debian/pam-configs/authd.in
Original file line number Diff line number Diff line change
Expand Up @@ -4,13 +4,13 @@ Priority: 1050

Auth-Type: Primary
Auth:
[success=end default=ignore] pam_authd_exec.so @AUTHD_DAEMONS_PATH@/authd-pam
[success=end ignore=ignore default=die] pam_authd_exec.so @AUTHD_DAEMONS_PATH@/authd-pam
Account-Type: Additional
Account:
[default=ignore success=ok user_unknown=ignore] pam_authd_exec.so @AUTHD_DAEMONS_PATH@/authd-pam
Password-Type: Primary
Password:
[success=end default=ignore] pam_authd_exec.so @AUTHD_DAEMONS_PATH@/authd-pam
[success=end ignore=ignore default=die] pam_authd_exec.so @AUTHD_DAEMONS_PATH@/authd-pam
Session-Type: Additional
Session-Interactive-Only: yes
Session:
Expand Down

0 comments on commit d3d60d3

Please sign in to comment.