summaryrefslogtreecommitdiffstats
path: root/modules/pam_deny/pam_deny.8.xml
blob: a928358293fd32c718b54aed79cb5d2d58acd4b8 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
<?xml version="1.0" encoding='UTF-8'?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
	"http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">

<refentry id="pam_deny">

  <refmeta>
    <refentrytitle>pam_deny</refentrytitle>
    <manvolnum>8</manvolnum>
    <refmiscinfo class="sectdesc">Linux-PAM Manual</refmiscinfo>
  </refmeta>

  <refnamediv id="pam_deny-name">
    <refname>pam_deny</refname>
    <refpurpose>The locking-out PAM module</refpurpose>
  </refnamediv>

  <refsynopsisdiv>
    <cmdsynopsis id="pam_deny-cmdsynopsis">
      <command>pam_deny.so</command>
    </cmdsynopsis>
  </refsynopsisdiv>

  <refsect1 id="pam_deny-description">

    <title>DESCRIPTION</title>

    <para>
      This module can be used to deny access. It always indicates a failure
      to the application through the PAM framework. It might be suitable
      for using for default (the <emphasis>OTHER</emphasis>) entries.
    </para>

  </refsect1>

  <refsect1 id="pam_deny-options">
    <title>OPTIONS</title>
    <para>This module does not recognise any options.</para>
  </refsect1>

  <refsect1 id="pam_deny-types">
    <title>MODULE TYPES PROVIDED</title>
    <para>
      All module types (<option>account</option>, <option>auth</option>,
      <option>password</option> and <option>session</option>) are provided.
    </para>
  </refsect1>

  <refsect1 id='pam_deny-return_values'>
    <title>RETURN VALUES</title>
    <para>
      <variablelist>

        <varlistentry>
          <term>PAM_AUTH_ERR</term>
          <listitem>
            <para>
              This is returned by the account and auth services.
            </para>
          </listitem>
        </varlistentry>

        <varlistentry>
          <term>PAM_CRED_ERR</term>
          <listitem>
            <para>
              This is returned by the setcred function.
            </para>
          </listitem>
        </varlistentry>

        <varlistentry>
          <term>PAM_AUTHTOK_ERR</term>
          <listitem>
            <para>
              This is returned by the password service.
            </para>
          </listitem>
        </varlistentry>

        <varlistentry>
          <term>PAM_SESSION_ERR</term>
          <listitem>
            <para>
              This is returned by the session service.
            </para>
          </listitem>
        </varlistentry>

      </variablelist>
    </para>
  </refsect1>

  <refsect1 id='pam_deny-examples'>
    <title>EXAMPLES</title>
    <programlisting>
#%PAM-1.0
#
# If we don't have config entries for a service, the
# OTHER entries are used. To be secure, warn and deny
# access to everything.
other auth     required       pam_warn.so
other auth     required       pam_deny.so
other account  required       pam_warn.so
other account  required       pam_deny.so
other password required       pam_warn.so
other password required       pam_deny.so
other session  required       pam_warn.so
other session  required       pam_deny.so
    </programlisting>
  </refsect1>

  <refsect1 id='pam_deny-see_also'>
    <title>SEE ALSO</title>
    <para>
      <citerefentry>
	<refentrytitle>pam.conf</refentrytitle><manvolnum>5</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
      </citerefentry>
    </para>
  </refsect1>

  <refsect1 id='pam_deny-author'>
    <title>AUTHOR</title>
      <para>
        pam_deny was written by Andrew G. Morgan &lt;morgan@kernel.org&gt;
      </para>
  </refsect1>

</refentry>