|author||Thorsten Kukuk <email@example.com>||2006-02-24 19:17:59 +0000|
|committer||Thorsten Kukuk <firstname.lastname@example.org>||2006-02-24 19:17:59 +0000|
Relevant BUGIDs: 1425487
Purpose of commit: new feature Commit summary: --------------- Cleanup of manual page and README: 2006-02-24 Thorsten Kukuk <email@example.com> * modules/pam_succeed_if/pam_succeed_if.8.xml: New, based on version from #1425487. * modules/pam_succeed_if/pam_succeed_if.8: Regenerated from xml. * modules/pam_succeed_if/Makefile.am: Include XML rules. * modules/pam_succeed_if/README.xml: New. * modules/pam_succeed_if/README: Regenerated from xml. * modules/pam_succeed_if/pam_succeed_if.c: Fix comment about return values.
Diffstat (limited to 'modules/pam_succeed_if/pam_succeed_if.8')
1 files changed, 115 insertions, 32 deletions
diff --git a/modules/pam_succeed_if/pam_succeed_if.8 b/modules/pam_succeed_if/pam_succeed_if.8
index da95a033..70c4f8d2 100644
@@ -1,37 +1,120 @@
-.\" Copyright 2003, 2004 Red Hat, Inc.
-.\" Written by Nalin Dahyabhai <firstname.lastname@example.org>
-.TH pam_succeed_if 8 2004/12/27 "Linux-PAM" "System Administrator's Manual"
-pam_succeed_if \- succeed or fail based on account characteristics
-.B account sufficient pam_succeed_if.so uid < 500
-pam_succeed_if.so is designed to succeed or fail authentication based on
-characteristics of the account belonging to the user being authenticated.
-The module can be given one or more conditions as module arguments, and
-authentication will succeed only if all of the conditions are met.
+.\" ** You probably do not want to edit this file directly **
+.\" It was generated using the DocBook XSL Stylesheets (version 1.69.1).
+.\" Instead of manually editing it, you probably should edit the DocBook XML
+.\" source for it and then use the DocBook XSL Stylesheets to regenerate it.
+.TH "PAM_SUCCEED_IF" "8" "02/24/2006" "Linux\-PAM" "Linux\-PAM"
+.\" disable hyphenation
+.\" disable justification (adjust text to left margin only)
+pam_succeed_if \- test account characteristics
+\fBpam_succeed_if.so\fR [\fIflag\fR...] [\fIcondition\fR...]
+pam_succeed_if.so is designed to succeed or fail authentication based on characteristics of the account belonging to the user being authenticated. One use is to select whether to load other modules based on this test.
+The module should be given one or more conditions as module arguments, and authentication will succeed only if all of the conditions are met.
+\fIflag\fRs are supported:
Turns on debugging messages sent to syslog.
-Evaluate conditions using the account of the user whose UID the application
-is running under instead of the user being authenticated.
+Evaluate conditions using the account of the user whose UID the application is running under instead of the user being authenticated.
Don't log failure or success to the system log.
Don't log failure to the system log.
Don't log success to the system log.
-Let's hope not, but if you find any, please report them via the "Bug Track"
-link at http://bugzilla.redhat.com/bugzilla/
+\fICondition\fRs are three words: a field, a test, and a value to test for.
+Available fields are
+\fBfield < number\fR
+Field has a value numerically less than number.
+\fBfield <= number\fR
+Field has a value numerically less than or equal to number.
+\fBfield eq number\fR
+Field has a value numerically less equal to number.
+\fBfield >= number\fR
+Field has a value numerically greater than or equal to number.
+\fBfield > number\fR
+Field has a value numerically greater than number.
+\fBfield ne number\fR
+Field has a value numerically different from number.
+\fBfield = string\fR
+Field exactly matches the given string.
+\fBfield != string\fR
+Field does not match the given string.
+\fBfield =~ glob\fR
+Field matches the given glob.
+\fBfield !~ glob\fR
+Field does not match the given glob.
+\fBuser ingroup group\fR
+User is in given group.
+\fBuser notingroup group\fR
+User is not in given group.
+.SH "RETURN VALUES"
+The condition was true.
+The condition was false.
+A service error occured or the arguments can't be parsed as numbers.
+To emulate the behaviour of
+\fIpam_wheel\fR, except there is no fallback to group 0:
+ auth required pam_succeed_if.so quiet user ingroup wheel
+Given that the type matches, only loads the othermodule rule if the UID is over 500. Adjust the number after default to skip several rules.
+ type [default=1 success=ignore] pam_succeed_if.so quiet uid > 500
+ type required othermodule.so arguments...
+.SH "SEE ALSO"
Nalin Dahyabhai <email@example.com>