# optional pam_permit entries

## onek

I'm updating one of my servers and noticing some new PAM entries.  For example, from system-auth:

 auth           required        pam_env.so 

 auth           required        pam_unix.so try_first_pass likeauth nullok 

+auth           optional        pam_permit.so

 account                required        pam_unix.so 

+account                optional        pam_permit.so

 password       required        pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3 

 password       required        pam_unix.so try_first_pass use_authtok nullok sha512 shadow 

+password       optional        pam_permit.so

I'm wondering why optional permits are being added?  I'm thinking this must have been due to some bug, but I've not been able to track down why these are needed.

----------

## onek

bump

----------

