This topic has not yet been written. The content below is from the topic description.
This element uses the code attribute to specify what policy module implementation an application can use, and the flag attribute to tell the application how to parse each policy module present in the policy stack. The flag attribute supports the following values: required The module must succeed for authorization to be successful. If any required fails, the authorization attempt will fail. The remaining modules in the stack are called regardless of the outcome of the module. requisite The module is required to succeed. If it succeeds, authorization continues down the stack. If it fails, control immediately returns to the application. sufficient The login module is not required to succeed. If it does succeed, control immediately returns to the application. If it fails, authorization continues down the stack. optional The login module is not required to succeed. Authorization still continues to proceed down the stack regardless of whether the module succeeds or fails.