diff options
author | Andrew G. Morgan <morgan@kernel.org> | 2002-07-13 05:48:19 +0000 |
---|---|---|
committer | Andrew G. Morgan <morgan@kernel.org> | 2002-07-13 05:48:19 +0000 |
commit | 2b395f6d039fb5c92a5ae799b305dd33061c9fbc (patch) | |
tree | 6386214fcccb9987050ca9b5534bffc5d473c688 /modules/pam_wheel/README | |
parent | c95e6e34c26fc95f622b4d0535bccede3c655146 (diff) |
Relevant BUGIDs: 476951, 476953
Purpose of commit: bugfix
Commit summary:
---------------
Be more careful when using the deny option - pay attention to the trust
option before you grant access.
Fix from Nalin.
Diffstat (limited to 'modules/pam_wheel/README')
-rw-r--r-- | modules/pam_wheel/README | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/modules/pam_wheel/README b/modules/pam_wheel/README index 336bb31e..b75689e8 100644 --- a/modules/pam_wheel/README +++ b/modules/pam_wheel/README @@ -1,6 +1,6 @@ pam_wheel: - only permit root authentication too members of wheel group + only permit root authentication to members of wheel group RECOGNIZED ARGUMENTS: debug write a message to syslog indicating success or @@ -21,13 +21,16 @@ RECOGNIZED ARGUMENTS: is trying to get UID 0 access and is a member of the wheel group, deny access (well, kind of nonsense, but for use in conjunction with 'group' argument... :-) + Conversely, if the user is not in the group, return + PAM_IGNORE (unless 'trust' was also specified, in + which case we return PAM_SUCCESS). group=xxxx Instead of checking the GID 0 group, use the xxxx group to perform the authentification. MODULE SERVICES PROVIDED: - auth _authetication and _setcred (blank) + auth _authentication, _setcred (blank) and _acct_mgmt AUTHOR: - Cristian Gafton <gafton@sorosis.ro> + Cristian Gafton <gafton@redhat.com> |