What do folks think of this feature idea? We use a Two Factor Authentication product that provides a PAM agent. The PAM agent supports an option "xusers=/filename/" where /filename /names a file containing a list of userids which are excluded from being authenticated by the agent. Here would be an example pam.conf stack for authenticating ftp using this feature (Solaris 10's PAM): # for FTP ftp auth binding pam_safeword.so.1 *xusers=/etc/pam_excluded_users* ftp auth requisite pam_authtok_get.so.1 ftp auth required pam_dhkeys.so.1 ftp auth required pam_unix_cred.so.1 ftp auth required pam_unix_auth.so.1 Excluded users fall thru to get authenticated in the same manner they would be if we weren't using the two factor auth product. There is no Solaris 8 version of the pam_safeword.so.1 module used above, so we'd like to use pam_radius_auth.so .... but have a strong need for that xusers= option or something that'll accomplish the same effect. However, we have few C development skills in our shop and those we have are rusty. And then there's the problem that we aren't very familiar with PAM internals! Does the community see value in this enhancement? Anyone interested in working on it? Or is it already there and I haven't found it in the doc?