diff options
Diffstat (limited to 'Linux-PAM/doc/modules/pam_nologin.sgml')
-rw-r--r-- | Linux-PAM/doc/modules/pam_nologin.sgml | 81 |
1 files changed, 81 insertions, 0 deletions
diff --git a/Linux-PAM/doc/modules/pam_nologin.sgml b/Linux-PAM/doc/modules/pam_nologin.sgml new file mode 100644 index 00000000..e2463570 --- /dev/null +++ b/Linux-PAM/doc/modules/pam_nologin.sgml @@ -0,0 +1,81 @@ +<!-- + $Id: pam_nologin.sgml,v 1.1.1.2 2002/09/15 20:08:31 hartmans Exp $ + + This file was written by Michael K. Johnson <johnsonm@redhat.com> +--> + +<sect1>The no-login module + +<sect2>Synopsis + +<p> +<descrip> + +<tag><bf>Module Name:</bf></tag> +<tt/pam_nologin/ + +<tag><bf>Author:</bf></tag> +Written by Michael K. Johnson <johnsonm@redhat.com><newline> + +<tag><bf>Maintainer:</bf></tag> + +<tag><bf>Management groups provided:</bf></tag> +account; authentication + +<tag><bf>Cryptographically sensitive:</bf></tag> + +<tag><bf>Security rating:</bf></tag> + +<tag><bf>Clean code base:</bf></tag> + +<tag><bf>System dependencies:</bf></tag> + +<tag><bf>Network aware:</bf></tag> + +</descrip> + +<sect2>Overview of module + +<p> +Provides standard Unix <em/nologin/ authentication. + +<sect2>Authentication component + +<p> +<descrip> + +<tag><bf>Recognized arguments:</bf></tag> +successok, file=<<em/filename/> + +<tag><bf>Description:</bf></tag> + +Provides standard Unix <em/nologin/ authentication. If the file +<tt>/etc/nologin</tt> exists, only root is allowed to log in; other +users are turned away with an error message (and the module returns +<tt/PAM_AUTH_ERR/ or <tt/PAM_USER_UNKNOWN/). All users (root or +otherwise) are shown the contents of <tt>/etc/nologin</tt>. + +<p> +If the file <tt>/etc/nologin</tt> does not exist, this module defaults +to returning <tt/PAM_IGNORE/, but the <tt/successok/ module argument +causes it to return <tt/PAM_SUCCESS/ in this case. + +<p> +The administrator can override the default nologin file with the +<tt/file=/<em/pathname/ module argument. + +<tag><bf>Examples/suggested usage:</bf></tag> + +In order to make this module effective, all login methods should be +secured by it. It should be used as a <tt>required</tt> method listed +before any <tt>sufficient</tt> methods in order to get standard Unix +nologin semantics. Note, the use of <tt/successok/ module argument +causes the module to return <tt/PAM_SUCCESS/ and as such would break +such a configuration - failing <tt/sufficient/ modules would lead to a +successful login because the nologin module <em/succeeded/. + +</descrip> + +<!-- +End of sgml insert for this module. +--> |