|
Server : Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 DAV/2 PHP/5.2.17 System : Linux localhost 2.6.18-419.el5 #1 SMP Fri Feb 24 22:47:42 UTC 2017 x86_64 User : nobody ( 99) PHP Version : 5.2.17 Disable Function : NONE Directory : /proc/21585/root/usr/share/doc/pam-0.99.6.2/html/ |
Upload File : |
<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>6.16. pam_localuser - require users to be listed in /etc/passwd</title><meta name="generator" content="DocBook XSL Stylesheets V1.69.1"><link rel="start" href="Linux-PAM_SAG.html" title="The Linux-PAM System Administrators' Guide"><link rel="up" href="sag-module-reference.html" title="Chapter 6. A reference guide for available modules"><link rel="prev" href="sag-pam_listfile.html" title="6.15. pam_listfile - deny or allow services based on an arbitrary file"><link rel="next" href="sag-pam_mail.html" title="6.17. pam_mail - inform about available mail"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">6.16. pam_localuser - require users to be listed in /etc/passwd</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="sag-pam_listfile.html">Prev</a> </td><th width="60%" align="center">Chapter 6. A reference guide for available modules</th><td width="20%" align="right"> <a accesskey="n" href="sag-pam_mail.html">Next</a></td></tr></table><hr></div><div class="section" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="sag-pam_localuser"></a>6.16. pam_localuser - require users to be listed in /etc/passwd</h2></div></div></div><div class="cmdsynopsis"><p><code class="command">pam_localuser.so</code> [
debug
] [
file=<em class="replaceable"><code>/path/passwd</code></em>
]</p></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="sag-pam_localuser-description"></a>6.16.1. DESCRIPTION</h3></div></div></div><p>
pam_localuser is a PAM module to help implementing site-wide login
policies, where they typically include a subset of the network's
users and a few accounts that are local to a particular workstation.
Using pam_localuser and pam_wheel or pam_listfile is an effective
way to restrict access to either local users and/or a subset of the
network's users.
</p><p>
This could also be implemented using pam_listfile.so and a very
short awk script invoked by cron, but it's common enough to have
been separated out.
</p></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="sag-pam_localuser-options"></a>6.16.2. OPTIONS</h3></div></div></div><p>
</p><div class="variablelist"><dl><dt><span class="term">
<code class="option">debug</code>
</span></dt><dd><p>
Print debug information.
</p></dd><dt><span class="term">
<code class="option">file=<em class="replaceable"><code>/path/passwd</code></em></code>
</span></dt><dd><p>
Use a file other than <code class="filename">/etc/passwd</code>.
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="sag-pam_localuser-services"></a>6.16.3. MODULE SERVICES PROVIDED</h3></div></div></div><p>
The <span class="emphasis"><em>auth</em></span> and
<span class="emphasis"><em>account</em></span> services are supported.
</p></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="sag-pam_localuser-return_values"></a>6.16.4. RETURN VALUES</h3></div></div></div><p>
</p><div class="variablelist"><dl><dt><span class="term">PAM_SUCCESS</span></dt><dd><p>
The new localuser was set successfull.
</p></dd><dt><span class="term">PAM_SERVICE_ERR</span></dt><dd><p>
No username was given.
</p></dd><dt><span class="term">PAM_USER_UNKNOWN</span></dt><dd><p>
User not known.
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="sag-pam_localuser-examples"></a>6.16.5. EXAMPLES</h3></div></div></div><p>
Add the following line to <code class="filename">/etc/pam.d/su</code> to
allow only local users in group wheel to use su.
</p><pre class="programlisting">
account sufficient pam_localuser.so
account required pam_wheel.so
</pre></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="sag-pam_localuser-author"></a>6.16.6. AUTHOR</h3></div></div></div><p>
pam_localuser was written by Nalin Dahyabhai <nalin@redhat.com>.
</p></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="sag-pam_listfile.html">Prev</a> </td><td width="20%" align="center"><a accesskey="u" href="sag-module-reference.html">Up</a></td><td width="40%" align="right"> <a accesskey="n" href="sag-pam_mail.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">6.15. pam_listfile - deny or allow services based on an arbitrary file </td><td width="20%" align="center"><a accesskey="h" href="Linux-PAM_SAG.html">Home</a></td><td width="40%" align="right" valign="top"> 6.17. pam_mail - inform about available mail</td></tr></table></div></body></html>