-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 8/26/2014 3:24 PM, Paul Wouters wrote:
> Can you try: > > #%PAM-1.0 > > auth include system-auth use_first_pass account required > pam_nologin.so account include system-auth password include > system-auth session optional pam_keyinit.so force revoke session > include system-auth session required pam_loginuid.so Tried; same error. The only difference between this and stock is the "use_first_pass" parameter in the auth line, correct? Just to check, I also tried with: #%PAM-1.0 auth include system-auth use_first_pass account required pam_nologin.so #account include system-auth account required pam_permit.so password include system-auth session optional pam_keyinit.so force revoke session include system-auth session required pam_loginuid.so ... but that failed as well. This one works, but of course bypasses any actual credential verification for auth and account: #%PAM-1.0 #auth include system-auth use_first_pass auth required pam_permit.so account required pam_nologin.so #account include system-auth account required pam_permit.so password include system-auth session optional pam_keyinit.so force revoke session include system-auth session required pam_loginuid.so - -- Nels Lindquist <[email protected]> -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.20 (MingW32) iEYEARECAAYFAlP930wACgkQh6z5POoOLgRNLACfT72Ykm63JqEaOnYYrUljyebp HIYAnR6Si9BBzO1En91Sj8+c/zQ1m4Jn =+91T -----END PGP SIGNATURE----- _______________________________________________ Swan mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan
