mirror of
https://github.com/linux-pam/linux-pam.git
synced 2024-11-23 17:53:40 +08:00
5a6a2d169c
* modules/pam_localuser/pam_localuser.8.xml: The example configuration does something different.
174 lines
4.4 KiB
XML
174 lines
4.4 KiB
XML
<?xml version="1.0" encoding='UTF-8'?>
|
|
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
|
|
"http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
|
|
|
|
<refentry id="pam_localuser">
|
|
|
|
<refmeta>
|
|
<refentrytitle>pam_localuser</refentrytitle>
|
|
<manvolnum>8</manvolnum>
|
|
<refmiscinfo class="sectdesc">Linux-PAM Manual</refmiscinfo>
|
|
</refmeta>
|
|
|
|
<refnamediv id="pam_localuser-name">
|
|
<refname>pam_localuser</refname>
|
|
<refpurpose>require users to be listed in /etc/passwd</refpurpose>
|
|
</refnamediv>
|
|
|
|
<refsynopsisdiv>
|
|
<cmdsynopsis id="pam_localuser-cmdsynopsis">
|
|
<command>pam_localuser.so</command>
|
|
<arg choice="opt">
|
|
debug
|
|
</arg>
|
|
<arg choice="opt">
|
|
file=<replaceable>/path/passwd</replaceable>
|
|
</arg>
|
|
</cmdsynopsis>
|
|
</refsynopsisdiv>
|
|
|
|
<refsect1 id="pam_localuser-description">
|
|
|
|
<title>DESCRIPTION</title>
|
|
|
|
<para>
|
|
pam_localuser is a PAM module to help implementing site-wide login
|
|
policies, where they typically include a subset of the network's
|
|
users and a few accounts that are local to a particular workstation.
|
|
Using pam_localuser and pam_wheel or pam_listfile is an effective
|
|
way to restrict access to either local users and/or a subset of the
|
|
network's users.
|
|
</para>
|
|
<para>
|
|
This could also be implemented using pam_listfile.so and a very
|
|
short awk script invoked by cron, but it's common enough to have
|
|
been separated out.
|
|
</para>
|
|
|
|
</refsect1>
|
|
|
|
<refsect1 id="pam_localuser-options">
|
|
|
|
<title>OPTIONS</title>
|
|
<para>
|
|
<variablelist>
|
|
|
|
<varlistentry>
|
|
<term>
|
|
<option>debug</option>
|
|
</term>
|
|
<listitem>
|
|
<para>
|
|
Print debug information.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term>
|
|
<option>file=<replaceable>/path/passwd</replaceable></option>
|
|
</term>
|
|
<listitem>
|
|
<para>
|
|
Use a file other than <filename>/etc/passwd</filename>.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
</variablelist>
|
|
|
|
</para>
|
|
</refsect1>
|
|
|
|
<refsect1 id="pam_localuser-types">
|
|
<title>MODULE TYPES PROVIDED</title>
|
|
<para>
|
|
All module types (<option>account</option>, <option>auth</option>,
|
|
<option>password</option> and <option>session</option>) are provided.
|
|
</para>
|
|
</refsect1>
|
|
|
|
<refsect1 id='pam_localuser-return_values'>
|
|
<title>RETURN VALUES</title>
|
|
<para>
|
|
<variablelist>
|
|
|
|
<varlistentry>
|
|
<term>PAM_SUCCESS</term>
|
|
<listitem>
|
|
<para>
|
|
The new localuser was set successfully.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term>PAM_SERVICE_ERR</term>
|
|
<listitem>
|
|
<para>
|
|
No username was given.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term>PAM_PERM_DENIED</term>
|
|
<listitem>
|
|
<para>
|
|
The user is not listed in the passwd file.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
</variablelist>
|
|
</para>
|
|
</refsect1>
|
|
|
|
<refsect1 id='pam_localuser-examples'>
|
|
<title>EXAMPLES</title>
|
|
<para>
|
|
Add the following lines to <filename>/etc/pam.d/su</filename> to
|
|
allow only local users or group wheel to use su.
|
|
<programlisting>
|
|
account sufficient pam_localuser.so
|
|
account required pam_wheel.so
|
|
</programlisting>
|
|
</para>
|
|
</refsect1>
|
|
|
|
<refsect1 id="pam_localuser-files">
|
|
<title>FILES</title>
|
|
<variablelist>
|
|
<varlistentry>
|
|
<term><filename>/etc/passwd</filename></term>
|
|
<listitem>
|
|
<para>Local user account information.</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
</variablelist>
|
|
</refsect1>
|
|
|
|
<refsect1 id='pam_localuser-see_also'>
|
|
<title>SEE ALSO</title>
|
|
<para>
|
|
<citerefentry>
|
|
<refentrytitle>pam.conf</refentrytitle><manvolnum>5</manvolnum>
|
|
</citerefentry>,
|
|
<citerefentry>
|
|
<refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum>
|
|
</citerefentry>,
|
|
<citerefentry>
|
|
<refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
|
|
</citerefentry>
|
|
</para>
|
|
</refsect1>
|
|
|
|
<refsect1 id='pam_localuser-author'>
|
|
<title>AUTHOR</title>
|
|
<para>
|
|
pam_localuser was written by Nalin Dahyabhai <nalin@redhat.com>.
|
|
</para>
|
|
</refsect1>
|
|
|
|
</refentry>
|