pam_deny 8 Linux-PAM Manual pam_deny The locking-out PAM module pam_deny.so This module can be used to deny access. It always indicates a failure to the application through the PAM framework. It might be suitable for using for default (the OTHER) entries. All services (account, auth, password and session) are supported. PAM_AUTH_ERR This is returned by the account and auth services. PAM_CRED_ERR This is returned by the setcred function. PAM_AUTHTOK_ERR This is returned by the password service. PAM_SESSION_ERR This is returned by the session service. #%PAM-1.0 # # If we don't have config entries for a service, the # OTHER entries are used. To be secure, warn and deny # access to everything. other auth required pam_warn.so other auth required pam_deny.so other account required pam_warn.so other account required pam_deny.so other password required pam_warn.so other password required pam_deny.so other session required pam_warn.so other session required pam_deny.so pam.conf5 , pam.d8 , pam8 pam_deny was written by Andrew G. Morgan <morgan@kernel.org>