summaryrefslogtreecommitdiffstats
path: root/modules/pam_sepermit/README
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-05-06 01:38:36 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-05-06 01:38:36 +0000
commit26367bfc399cb3862f94ddca8fce87f98f26d67e (patch)
treeba3a4e02ed5ec62fe645dfa810c01d26decf591f /modules/pam_sepermit/README
parentInitial commit. (diff)
downloadpam-upstream.tar.xz
pam-upstream.zip
Adding upstream version 1.3.1.upstream/1.3.1upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '')
-rw-r--r--modules/pam_sepermit/README48
-rw-r--r--modules/pam_sepermit/README.xml41
2 files changed, 89 insertions, 0 deletions
diff --git a/modules/pam_sepermit/README b/modules/pam_sepermit/README
new file mode 100644
index 0000000..cd697bb
--- /dev/null
+++ b/modules/pam_sepermit/README
@@ -0,0 +1,48 @@
+pam_sepermit — PAM module to allow/deny login depending on SELinux enforcement
+state
+
+━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
+
+DESCRIPTION
+
+The pam_sepermit module allows or denies login depending on SELinux enforcement
+state.
+
+When the user which is logging in matches an entry in the config file he is
+allowed access only when the SELinux is in enforcing mode. Otherwise he is
+denied access. For users not matching any entry in the config file the
+pam_sepermit module returns PAM_IGNORE return value.
+
+The config file contains a list of user names one per line with optional
+arguments. If the name is prefixed with @ character it means that all users in
+the group name match. If it is prefixed with a % character the SELinux user is
+used to match against the name instead of the account name. Note that when
+SELinux is disabled the SELinux user assigned to the account cannot be
+determined. This means that such entries are never matched when SELinux is
+disabled and pam_sepermit will return PAM_IGNORE.
+
+See sepermit.conf(5) for details.
+
+OPTIONS
+
+debug
+
+ Turns on debugging via syslog(3).
+
+conf=/path/to/config/file
+
+ Path to alternative config file overriding the default.
+
+EXAMPLES
+
+auth [success=done ignore=ignore default=bad] pam_sepermit.so
+auth required pam_unix.so
+account required pam_unix.so
+session required pam_permit.so
+
+
+AUTHOR
+
+pam_sepermit and this manual page were written by Tomas Mraz
+<tmraz@redhat.com>.
+
diff --git a/modules/pam_sepermit/README.xml b/modules/pam_sepermit/README.xml
new file mode 100644
index 0000000..bb65951
--- /dev/null
+++ b/modules/pam_sepermit/README.xml
@@ -0,0 +1,41 @@
+<?xml version="1.0" encoding='UTF-8'?>
+<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
+"http://www.docbook.org/xml/4.3/docbookx.dtd"
+[
+<!--
+<!ENTITY pamaccess SYSTEM "pam_sepermit.8.xml">
+-->
+]>
+
+<article>
+
+ <articleinfo>
+
+ <title>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+ href="pam_sepermit.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_sepermit-name"]/*)'/>
+ </title>
+
+ </articleinfo>
+
+ <section>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+ href="pam_sepermit.8.xml" xpointer='xpointer(//refsect1[@id = "pam_sepermit-description"]/*)'/>
+ </section>
+
+ <section>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+ href="pam_sepermit.8.xml" xpointer='xpointer(//refsect1[@id = "pam_sepermit-options"]/*)'/>
+ </section>
+
+ <section>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+ href="pam_sepermit.8.xml" xpointer='xpointer(//refsect1[@id = "pam_sepermit-examples"]/*)'/>
+ </section>
+
+ <section>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+ href="pam_sepermit.8.xml" xpointer='xpointer(//refsect1[@id = "pam_sepermit-author"]/*)'/>
+ </section>
+
+</article>