blob: fdb278ef9582cac0469170caa6ade987590c3945 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
|
pam_succeed_if:
Succeed or fail based on account characteristics.
pam_succeed_if.so is designed to succeed or fail authentication based
on characteristics of the account belonging to the user being
authenticated.
The module can be given one or more conditions as module arguments, and
authentication will succeed only if all of the conditions are met.
Conditions are expressed in the form
ATTRIBUTE OPERATOR VALUE
Recognized attributes:
LOGIN - The user's login name.
UID - The user's UID.
GID - The user's primary GID.
SHELL - The user's shell.
HOME - The user's home directory.
Recognized operators:
< - Arithmetic less-than.
<= - Arithmetic less-than-or-equal-to.
> - Arithmetic greater-than.
>= - Arithmetic greater-than-or-equal-to.
eq - Arithmetic equality.
= - String equality.
ne - Arithmetic inequality.
!= - String inequality.
=~ - Wildcard match.
!~ - Wildcard mismatch.
ingroup - Group membership check. [*]
notingroup - Group non-membership check. [*]
* The "ingroup" and "notingroup" operators should only be
used with the USER attribute.
Examples:
Deny authentication to all users except those in the wheel
group, before even asking for a password:
auth requisite pam_succeed_if.so user ingroup wheel
Assume all users with UID less than 500 ("system users") have
valid accounts.
account sufficient pam_succeed_if.so uid < 500
Deny login to all nologin users.
auth requisite pam_succeed_if.so shell !~ nologin
RECOGNIZED ARGUMENTS:
debug write debugging messages to syslog
use_uid perform checks on the account of the user under whose
UID the application is running instead of the user
being authenticated
quiet don't log failure or success to syslog
quiet_fail don't log failure to syslog
quiet_success don't log success to syslog
MODULE SERVICES PROVIDED:
authentication, account management
AUTHOR:
Nalin Dahyabhai <nalin@redhat.com>
|