PAM Module Patch and Feature

Frank Cusack fcusack at
Mon Mar 26 18:26:05 CEST 2007

On March 26, 2007 10:17:22 AM -0600 David Mitchell <mitchell at> 
> Frank Cusack wrote:
>> On March 26, 2007 8:57:38 AM -0600 David Mitchell <mitchell at>
>> wrote:
>>> Frank Cusack wrote:
>>>> The new feature is a 'localifdown' option.  Previously, you would need
>>>> to be using Linux-PAM and the extended pam.conf syntax to ignore
>>>> PAM_AUTHINFO_UNAVAIL return values.  Now, with 'localifdown', the
>>>> module returns PAM_IGNORE instead of PAM_AUTHINFO_UNAVAIL, which works
>>>> for all pam stacks.
>>> Nice. Will this be the case for all timeout situations? Or only if the
>>> local interface is actually down? I was actually experimenting with the
>>> extended syntax last week when I found the timeout problem.
>> All timeouts.  Is there a different behavior you would like?
> No, that's perfect. It's just the name that threw me off. I was
> basically doing the exact same thing via the extended syntax. Lke this:
> auth [success=done authinfo_unavail=ignore default=die]
> debug

Right.  'localifdown' does exactly that without the extended syntax.


More information about the Freeradius-Devel mailing list