[SSSD-users] Re: pam_sss nullok

Hello all, when using smart card auth with pam_pkcs11 there is an option to set 'nullok' to true/false. Setting it to false effectively makes pam_pkcs11 ignore empty pin entries (this option is also available for pam_unix and set to false as default). So if I get a pin prompt and just press Enter it is not regarded as an authentication attempt. Is there anything similar with pam_sss? Default behaviour seems to be to regard empty inputs as an auth attempt, so if I run sudo and just press Enter a couple of times this counts as failed auth attempts and will consequently lock my smart card. Which is not what I want.

_______________________________________________ sssd-users mailing list -- sssd-users(a)lists.fedorahosted.org To unsubscribe send an email to sssd-users-leave(a)lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahoste...