path: root/modules/pam_nologin/README
diff options
authorThorsten Kukuk <>2006-06-04 01:48:33 +0000
committerThorsten Kukuk <>2006-06-04 01:48:33 +0000
commitd18ff5d080eb2518e8bef6601e64904428e3bb98 (patch)
treeeeda5e54d8ff7b748d795fd49191ee1dbeb85702 /modules/pam_nologin/README
parent61ec057296b434d5322185b8a66c830fdca38424 (diff)
Relevant BUGIDs:
Purpose of commit: new feature Commit summary: --------------- 2006-06-04 Thorsten Kukuk <> * modules/pam_nologin/ Include Make.xml.rules. * modules/pam_nologin/pam_nologin.8.xml: New. * modules/pam_nologin/pam_nologin.8: Regenerated from xml file. * modules/pam_nologin/README.xml: New. * modules/pam_nologin/README: Regenerated from xml file.
Diffstat (limited to 'modules/pam_nologin/README')
1 files changed, 32 insertions, 14 deletions
diff --git a/modules/pam_nologin/README b/modules/pam_nologin/README
index 11dc7635..3ffa591d 100644
--- a/modules/pam_nologin/README
+++ b/modules/pam_nologin/README
@@ -1,23 +1,41 @@
-# $Id$
+pam_nologin — Prevent non-root users from login
-This module always lets root in; it lets other users in only if the file
-/etc/nologin doesn't exist. In any case, if /etc/nologin exists, it's
-contents are displayed to the user.
-The default return value for this module is PAM_IGNORE, you can
-override this with the successok module argument.
-module services provided:
+pam_nologin is a PAM module that prevents users from logging into the system
+when /etc/nologin exists. The contents of the /etc/nologin file are displayed
+to the user. The pam_nologin module has no effect on the root user's ability to
+log in.
- auth _authenticate and _setcred
- account _acct_mgmt
-optional arguments:
- file=<alternative-nologin-pathname> - choose a different file
- successok - return PAM_SUCCESS if no file
+ Use this file instead the default /etc/nologin.
-[Original README by Michael K. Johnson]
+ Return PAM_SUCCESS if no file exists, the default is PAM_IGNORE.
+The suggested usage for /etc/pam.d/login is:
+auth required
+In order to make this module effective, all login methods should be secured by
+it. It should be used as a required method listed before any sufficient methods
+in order to get standard Unix nologin semantics. Note, the use of successok
+module argument causes the module to return PAM_SUCCESS and as such would break
+such a configuration - failing sufficient modules would lead to a successful
+login because the nologin module succeeded.
+pam_nologin was written by Michael K. Johnson <>.