diff options
Diffstat (limited to 'Linux-PAM/modules/pam_sepermit/pam_sepermit.8.xml')
-rw-r--r-- | Linux-PAM/modules/pam_sepermit/pam_sepermit.8.xml | 189 |
1 files changed, 0 insertions, 189 deletions
diff --git a/Linux-PAM/modules/pam_sepermit/pam_sepermit.8.xml b/Linux-PAM/modules/pam_sepermit/pam_sepermit.8.xml deleted file mode 100644 index c2546b62..00000000 --- a/Linux-PAM/modules/pam_sepermit/pam_sepermit.8.xml +++ /dev/null @@ -1,189 +0,0 @@ -<?xml version="1.0" encoding='UTF-8'?> -<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN" - "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd"> - -<refentry id="pam_sepermit"> - - <refmeta> - <refentrytitle>pam_sepermit</refentrytitle> - <manvolnum>8</manvolnum> - <refmiscinfo class="sectdesc">Linux-PAM Manual</refmiscinfo> - </refmeta> - - <refnamediv id="pam_sepermit-name"> - <refname>pam_sepermit</refname> - <refpurpose>PAM module to allow/deny login depending on SELinux enforcement state</refpurpose> - </refnamediv> - - <refsynopsisdiv> - <cmdsynopsis id="pam_sepermit-cmdsynopsis"> - <command>pam_sepermit.so</command> - <arg choice="opt"> - debug - </arg> - <arg choice="opt"> - conf=<replaceable>/path/to/config/file</replaceable> - </arg> - </cmdsynopsis> - </refsynopsisdiv> - - <refsect1 id="pam_sepermit-description"> - <title>DESCRIPTION</title> - <para> - The pam_sepermit module allows or denies login depending on SELinux - enforcement state. - </para> - <para> - When the user which is logging in matches an entry in the config file - he is allowed access only when the SELinux is in enforcing mode. Otherwise - he is denied access. For users not matching any entry in the config file - the pam_sepermit module returns PAM_IGNORE return value. - </para> - <para> - The config file contains a simple list of user names one per line. If the - <replaceable>name</replaceable> is prefixed with <emphasis>@</emphasis> character it means that all - users in the group <replaceable>name</replaceable> match. If it is prefixed - with a <emphasis>%</emphasis> character the SELinux user is used to match against the <replaceable>name</replaceable> - instead of the account name. Note that when SELinux is disabled the - SELinux user assigned to the account cannot be determined. This means that - such entries are never matched when SELinux is disabled and pam_sepermit - will return PAM_IGNORE. - </para> - <para> - Each user name in the configuration file can have optional arguments separated - by <emphasis>:</emphasis> character. The only currently recognized argument is <emphasis>exclusive</emphasis>. - The pam_sepermit module will allow only single concurrent user session for - the user with this argument specified and it will attempt to kill all processes - of the user after logout. - </para> - </refsect1> - - <refsect1 id="pam_sepermit-options"> - <title>OPTIONS</title> - <variablelist> - <varlistentry> - <term> - <option>debug</option> - </term> - <listitem> - <para> - Turns on debugging via - <citerefentry> - <refentrytitle>syslog</refentrytitle><manvolnum>3</manvolnum> - </citerefentry>. - </para> - </listitem> - </varlistentry> - <varlistentry> - <term> - <option>conf=<replaceable>/path/to/config/file</replaceable></option> - </term> - <listitem> - <para> - Path to alternative config file overriding the default. - </para> - </listitem> - </varlistentry> - </variablelist> - </refsect1> - - <refsect1 id="pam_sepermit-services"> - <title>MODULE SERVICES PROVIDED</title> - <para> - Only the <option>auth</option> and <option>account</option> - services are supported. - </para> - </refsect1> - - <refsect1 id='pam_sepermit-return_values'> - <title>RETURN VALUES</title> - <variablelist> - <varlistentry> - <term>PAM_AUTH_ERR</term> - <listitem> - <para> - SELinux is disabled or in the permissive mode and the user - matches. - </para> - </listitem> - </varlistentry> - <varlistentry> - <term>PAM_SUCCESS</term> - <listitem> - <para> - SELinux is in the enforcing mode and the user matches. - </para> - </listitem> - </varlistentry> - <varlistentry> - <term>PAM_IGNORE</term> - <listitem> - <para> - The user does not match any entry in the config file. - </para> - </listitem> - </varlistentry> - <varlistentry> - <term>PAM_USER_UNKNOWN</term> - <listitem> - <para> - The module was unable to determine the user's name. - </para> - </listitem> - </varlistentry> - <varlistentry> - <term>PAM_SERVICE_ERR</term> - <listitem> - <para> - Error during reading or parsing the config file. - </para> - </listitem> - </varlistentry> - </variablelist> - </refsect1> - - <refsect1 id="pam_sepermit-files"> - <title>FILES</title> - <variablelist> - <varlistentry> - <term><filename>/etc/security/sepermit.conf</filename></term> - <listitem> - <para>Default configuration file</para> - </listitem> - </varlistentry> - </variablelist> - </refsect1> - - <refsect1 id='pam_sepermit-examples'> - <title>EXAMPLES</title> - <programlisting> -auth [success=done ignore=ignore default=bad] pam_sepermit.so -auth required pam_unix.so -account required pam_unix.so -session required pam_permit.so - </programlisting> - </refsect1> - - <refsect1 id='pam_sepermit-see_also'> - <title>SEE ALSO</title> - <para> - <citerefentry> - <refentrytitle>pam.conf</refentrytitle><manvolnum>5</manvolnum> - </citerefentry>, - <citerefentry> - <refentrytitle>pam.d</refentrytitle><manvolnum>8</manvolnum> - </citerefentry>, - <citerefentry> - <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> - </citerefentry> - </para> - </refsect1> - - <refsect1 id='pam_sepermit-author'> - <title>AUTHOR</title> - <para> - pam_sepermit was written by Tomas Mraz <tmraz@redhat.com>. - </para> - </refsect1> - -</refentry> |