author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-06 01:38:36 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-06 01:38:36 +0000 |
commit | 26367bfc399cb3862f94ddca8fce87f98f26d67e (patch) | |
tree | ba3a4e02ed5ec62fe645dfa810c01d26decf591f /modules/pam_sepermit/README | |
parent | Initial commit. (diff) | |
Adding upstream version 1.3.1. (upstream/1.3.1, upstream)
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '')
-rw-r--r-- | modules/pam_sepermit/README | 48 | ||||
-rw-r--r-- | modules/pam_sepermit/README.xml | 41 |
2 files changed, 89 insertions, 0 deletions
diff --git a/modules/pam_sepermit/README b/modules/pam_sepermit/README
new file mode 100644
index 0000000..cd697bb
--- /dev/null
+++ b/modules/pam_sepermit/README
@@ -0,0 +1,48 @@
+pam_sepermit — PAM module to allow/deny login depending on SELinux enforcement
+state
+
+━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
+
+DESCRIPTION
+
+The pam_sepermit module allows or denies login depending on SELinux enforcement
+state.
+
+When the user which is logging in matches an entry in the config file he is
+allowed access only when the SELinux is in enforcing mode. Otherwise he is
+denied access. For users not matching any entry in the config file the
+pam_sepermit module returns PAM_IGNORE return value.
+
+The config file contains a list of user names one per line with optional
+arguments. If the name is prefixed with @ character it means that all users in
+the group name match. If it is prefixed with a % character the SELinux user is
+used to match against the name instead of the account name. Note that when
+SELinux is disabled the SELinux user assigned to the account cannot be
+determined. This means that such entries are never matched when SELinux is
+disabled and pam_sepermit will return PAM_IGNORE.
+
+See sepermit.conf(5) for details.
+
+OPTIONS
+
+debug
+
+ Turns on debugging via syslog(3).
+
+conf=/path/to/config/file
+
+ Path to alternative config file overriding the default.
+
+EXAMPLES
+
+auth [success=done ignore=ignore default=bad] pam_sepermit.so
+auth required pam_unix.so
+account required pam_unix.so
+session required pam_permit.so
+
+
+AUTHOR
+
+pam_sepermit and this manual page were written by Tomas Mraz
+<tmraz@redhat.com>.
+
diff --git a/modules/pam_sepermit/README.xml b/modules/pam_sepermit/README.xml
new file mode 100644
index 0000000..bb65951
--- /dev/null
+++ b/modules/pam_sepermit/README.xml
@@ -0,0 +1,41 @@
+<?xml version="1.0" encoding='UTF-8'?>
+<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
+"http://www.docbook.org/xml/4.3/docbookx.dtd"
+[
+<!--
+<!ENTITY pamaccess SYSTEM "pam_sepermit.8.xml">
+-->
+]>
+
+<article>
+
+ <articleinfo>
+
+ <title>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+ href="pam_sepermit.8.xml" xpointer='xpointer(//refnamediv[@id = "pam_sepermit-name"]/*)'/>
+ </title>
+
+ </articleinfo>
+
+ <section>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+ href="pam_sepermit.8.xml" xpointer='xpointer(//refsect1[@id = "pam_sepermit-description"]/*)'/>
+ </section>
+
+ <section>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+ href="pam_sepermit.8.xml" xpointer='xpointer(//refsect1[@id = "pam_sepermit-options"]/*)'/>
+ </section>
+
+ <section>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+ href="pam_sepermit.8.xml" xpointer='xpointer(//refsect1[@id = "pam_sepermit-examples"]/*)'/>
+ </section>
+
+ <section>
+ <xi:include xmlns:xi="http://www.w3.org/2001/XInclude"
+ href="pam_sepermit.8.xml" xpointer='xpointer(//refsect1[@id = "pam_sepermit-author"]/*)'/>
+ </section>
+
+</article> |