I noticed (user_policy.c):
176 /* No config -> system error */
177 if (s == NULL || *s == '\0')
178 return (PAM_SYSTEM_ERR);
and it seems (unless I'm missing something) that we sometimes return
PAM_SERVICE_ERR and sometimes PAM_SYSTEM_ERR when a configuration
resource we need is missing:
e.g. pam_list(5):
PAM_SERVICE_ERR An invalid set of module options was
given in the pam.conf(4) for this
module, or the user/netgroup file could
not be opened.
but pam_dial_auth(5):
PAM_SYSTEM_ERR
System error (d_passwd(4) is not present).
and pam(3PAM) isn't much help:
PAM_SERVICE_ERR
Error in service module.
PAM_SYSTEM_ERR
System error.
All of this has little to do with your code, but we might want to
standardise on what is used for which case (and document it in pam(3PAM)).
Bart
