diff options
Diffstat (limited to 'Linux-PAM/modules/pam_sepermit/README')
-rw-r--r-- | Linux-PAM/modules/pam_sepermit/README | 51 |
1 files changed, 0 insertions, 51 deletions
diff --git a/Linux-PAM/modules/pam_sepermit/README b/Linux-PAM/modules/pam_sepermit/README deleted file mode 100644 index 11429832..00000000 --- a/Linux-PAM/modules/pam_sepermit/README +++ /dev/null @@ -1,51 +0,0 @@ -pam_sepermit — PAM module to allow/deny login depending on SELinux enforcement -state - -━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ - -DESCRIPTION - -The pam_sepermit module allows or denies login depending on SELinux enforcement -state. - -When the user which is logging in matches an entry in the config file he is -allowed access only when the SELinux is in enforcing mode. Otherwise he is -denied access. For users not matching any entry in the config file the -pam_sepermit module returns PAM_IGNORE return value. - -The config file contains a simple list of user names one per line. If the name -is prefixed with @ character it means that all users in the group name match. -If it is prefixed with a % character the SELinux user is used to match against -the name instead of the account name. Note that when SELinux is disabled the -SELinux user assigned to the account cannot be determined. This means that such -entries are never matched when SELinux is disabled and pam_sepermit will return -PAM_IGNORE. - -Each user name in the configuration file can have optional arguments separated -by : character. The only currently recognized argument is exclusive. The -pam_sepermit module will allow only single concurrent user session for the user -with this argument specified and it will attempt to kill all processes of the -user after logout. - -OPTIONS - -debug - - Turns on debugging via syslog(3). - -conf=/path/to/config/file - - Path to alternative config file overriding the default. - -EXAMPLES - -auth [success=done ignore=ignore default=bad] pam_sepermit.so -auth required pam_unix.so -account required pam_unix.so -session required pam_permit.so - - -AUTHOR - -pam_sepermit was written by Tomas Mraz <tmraz@redhat.com>. - |