从文档：

When a server invokes one of the six PAM primitives,PAM retrieves the
chain for the facility the primitive belongs to,and invokes each of
the modules listed in the chain,in the order they are listed,until
it reaches the end,or determines that no further processing is
necessary (either because a binding or sufficient module succeeded,or
because a requisite module Failed.) The request is granted if and only
if at least one module was invoked,and all non-optional modules
succeeded.

因此,如果所有身份验证方法都必须成功,请使用必需的.但是,如果两个auth-methode中的第一个失败,它将立即终止.

如果您想隐藏某些某些auth-methode失败的事实,请使用required.即使一个模块出现故障,它也会继续检查其他方法,最后才会失败.

如果您只需要其中一个方法成功(意味着：许多方法可能会失败,只有一个成功的auth就足够了),请使用足够的.

有关详细信息,请参阅Pam Chain Policies.