From d18ff5d080eb2518e8bef6601e64904428e3bb98 Mon Sep 17 00:00:00 2001 From: Thorsten Kukuk Date: Sun, 4 Jun 2006 01:48:33 +0000 Subject: Relevant BUGIDs: Purpose of commit: new feature Commit summary: --------------- 2006-06-04 Thorsten Kukuk * modules/pam_nologin/Makefile.am: Include Make.xml.rules. * modules/pam_nologin/pam_nologin.8.xml: New. * modules/pam_nologin/pam_nologin.8: Regenerated from xml file. * modules/pam_nologin/README.xml: New. * modules/pam_nologin/README: Regenerated from xml file. --- modules/pam_nologin/README | 46 ++++++++++++++++++++++++++++++++-------------- 1 file changed, 32 insertions(+), 14 deletions(-) (limited to 'modules/pam_nologin/README') diff --git a/modules/pam_nologin/README b/modules/pam_nologin/README index 11dc7635..3ffa591d 100644 --- a/modules/pam_nologin/README +++ b/modules/pam_nologin/README @@ -1,23 +1,41 @@ -# $Id$ -# +pam_nologin — Prevent non-root users from login -This module always lets root in; it lets other users in only if the file -/etc/nologin doesn't exist. In any case, if /etc/nologin exists, it's -contents are displayed to the user. +━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ -The default return value for this module is PAM_IGNORE, you can -override this with the successok module argument. +DESCRIPTION -module services provided: +pam_nologin is a PAM module that prevents users from logging into the system +when /etc/nologin exists. The contents of the /etc/nologin file are displayed +to the user. The pam_nologin module has no effect on the root user's ability to +log in. - auth _authenticate and _setcred - account _acct_mgmt +OPTIONS -optional arguments: +file=/path/nologin - file= - choose a different file - successok - return PAM_SUCCESS if no file + Use this file instead the default /etc/nologin. -[Original README by Michael K. Johnson] +successok + Return PAM_SUCCESS if no file exists, the default is PAM_IGNORE. + +EXAMPLES + +The suggested usage for /etc/pam.d/login is: + +auth required pam_nologin.so + + +NOTES + +In order to make this module effective, all login methods should be secured by +it. It should be used as a required method listed before any sufficient methods +in order to get standard Unix nologin semantics. Note, the use of successok +module argument causes the module to return PAM_SUCCESS and as such would break +such a configuration - failing sufficient modules would lead to a successful +login because the nologin module succeeded. + +AUTHOR + +pam_nologin was written by Michael K. Johnson . -- cgit v1.2.3