Identification, Authentication and Authorization

PAM orchestration files

Advanced decision syntax

[value=action value=action …].

Actions:

  • ignore: take no decision

  • bad: continue, but the final decision will be a failure.

  • die: terminate immediately with failure.

  • ok: continue, so far the decision is success.

  • done: terminate immediately with success.

  • reset: clear the entire state and continue.

  • N (unsigned integer): same as ok + jump over N lines.

Simplified decision syntax

High-level decision definitions.

  • requisite

    • [success=ok new_authtok_reqd=ok ignore=ignore default=die]

  • required

    • [success=ok new_authtok_reqd=ok ignore=ignore default=bad]

  • sufficient

    • [success=done new_authtok_reqd=ok default=ignore]

  • optional

    • [success=ok new_authtok_reqd=ok default=ignore]

PreviousConfiguration filesNextScenario 1 – Local authentication

Last updated