thus spoke Timo Sirainen <[email protected]> [2015-11-21 14:14 +1300]:
> Well, your topic is PAM.

Is it? My point is that PAM should not even be asked if an authentication source beforehand knows about a user but the password cannot be verified.

> But.. Right now passdb has result_success, result_failure and
> result_internalfail. I suppose it should be possible to add
> result_user_unknown there that defaults to result_failure if it's
> not explicitly set.

result_user_known should be returned when the authentication source does not know about a user. If the authentication source knows a user but fails to authenticate him/her due to a password mismatch, the result should rather be result_auth_failure. Those two should really replace result_failure and the dovecot authentication stack should only continue on result_user_known or result_internalfail. If we get result_success or result_auth_failure, then authentication is done and no further sources should be considered.

-- 
@martinkrafft | http://madduck.net/ | http://two.sentenc.es/

only by counting could humans demonstrate their independence of computers.
    -- douglas adams, "the hitchhiker's guide to the galaxy"

spamtraps: [email protected]
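The chain behaviour discussed in the message above, as an added example that is not part of the original post and is not Dovecot code: a small Python model in which the chain moves on only when a source does not know the user or fails internally. The `Result` names follow the quoted `result_user_unknown` and the proposed `result_auth_failure`; the source names `sql` and `pam`, the helper functions and the credentials are constructed for illustration.

```python
import hmac
from enum import Enum

class Result(Enum):
    SUCCESS = "success"
    AUTH_FAILURE = "auth_failure"    # source knows the user, password mismatch
    USER_UNKNOWN = "user_unknown"    # source has no record of the user
    INTERNALFAIL = "internalfail"    # source could not answer at all

# Only these outcomes let the chain consult the next source.
CONTINUE_ON = {Result.USER_UNKNOWN, Result.INTERNALFAIL}

def table_source(name, users):
    """Hypothetical source backed by a dict (plaintext only to keep the model short)."""
    def lookup(user, password):
        if user not in users:
            return Result.USER_UNKNOWN
        same = hmac.compare_digest(users[user].encode(), password.encode())
        return Result.SUCCESS if same else Result.AUTH_FAILURE
    lookup.name = name
    return lookup

def broken_source(name):
    """Hypothetical source whose backend is unreachable."""
    def lookup(user, password):
        return Result.INTERNALFAIL
    lookup.name = name
    return lookup

def authenticate(chain, user, password):
    """Walk the chain in order; return (last result, names of sources consulted)."""
    consulted, result = [], Result.USER_UNKNOWN
    for source in chain:
        consulted.append(source.name)
        result = source(user, password)
        if result not in CONTINUE_ON:
            break  # definitive answer: no later source is asked
    return result, consulted

# Constructed sample data: "alice" exists in both sources with different passwords.
SQL = table_source("sql", {"alice": "s3cret"})
PAM = table_source("pam", {"alice": "system-pw", "bob": "hunter2"})
CHAIN = [SQL, PAM]

if __name__ == "__main__":
    for user, pw in [("alice", "system-pw"), ("bob", "hunter2"), ("carol", "x")]:
        print(user, *authenticate(CHAIN, user, pw))
```

With this model, a password that the first source rejects for a user it knows is never offered to the second source, which is the difference from continuing on a generic failure.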
