diff options
Diffstat (limited to '')
-rw-r--r-- | modules/pam_usertype/pam_usertype.8 | 135 | ||||
-rw-r--r-- | modules/pam_usertype/pam_usertype.8.xml | 199 |
2 files changed, 334 insertions, 0 deletions
diff --git a/modules/pam_usertype/pam_usertype.8 b/modules/pam_usertype/pam_usertype.8 new file mode 100644 index 0000000..2f02101 --- /dev/null +++ b/modules/pam_usertype/pam_usertype.8 @@ -0,0 +1,135 @@ +'\" t +.\" Title: pam_usertype +.\" Author: [see the "AUTHOR" section] +.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/> +.\" Date: 09/03/2021 +.\" Manual: Linux-PAM +.\" Source: Linux-PAM +.\" Language: English +.\" +.TH "PAM_USERTYPE" "8" "09/03/2021" "Linux-PAM" "Linux\-PAM" +.\" ----------------------------------------------------------------- +.\" * Define some portability stuff +.\" ----------------------------------------------------------------- +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.\" http://bugs.debian.org/507673 +.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" ----------------------------------------------------------------- +.\" * set default formatting +.\" ----------------------------------------------------------------- +.\" disable hyphenation +.nh +.\" disable justification (adjust text to left margin only) +.ad l +.\" ----------------------------------------------------------------- +.\" * MAIN CONTENT STARTS HERE * +.\" ----------------------------------------------------------------- +.SH "NAME" +pam_usertype \- check if the authenticated user is a system or regular account +.SH "SYNOPSIS" +.HP \w'\fBpam_usertype\&.so\fR\ 'u +\fBpam_usertype\&.so\fR [\fIflag\fR...] {\fIcondition\fR} +.SH "DESCRIPTION" +.PP +pam_usertype\&.so is designed to succeed or fail authentication based on type of the account of the authenticated user\&. The type of the account is decided with help of +\fISYS_UID_MIN\fR +and +\fISYS_UID_MAX\fR +settings in +\fI/etc/login\&.defs\fR\&. One use is to select whether to load other modules based on this test\&. +.PP +The module should be given only one condition as module argument\&. Authentication will succeed only if the condition is met\&. +.SH "OPTIONS" +.PP +The following +\fIflag\fRs are supported: +.PP +\fBuse_uid\fR +.RS 4 +Evaluate conditions using the account of the user whose UID the application is running under instead of the user being authenticated\&. +.RE +.PP +\fBaudit\fR +.RS 4 +Log unknown users to the system log\&. +.RE +.PP +Available +\fIcondition\fRs are: +.PP +\fBissystem\fR +.RS 4 +Succeed if the user is a system user\&. +.RE +.PP +\fBisregular\fR +.RS 4 +Succeed if the user is a regular user\&. +.RE +.SH "MODULE TYPES PROVIDED" +.PP +All module types (\fBaccount\fR, +\fBauth\fR, +\fBpassword\fR +and +\fBsession\fR) are provided\&. +.SH "RETURN VALUES" +.PP +PAM_SUCCESS +.RS 4 +The condition was true\&. +.RE +.PP +PAM_BUF_ERR +.RS 4 +Memory buffer error\&. +.RE +.PP +PAM_CONV_ERR +.RS 4 +The conversation method supplied by the application failed to obtain the username\&. +.RE +.PP +PAM_INCOMPLETE +.RS 4 +The conversation method supplied by the application returned PAM_CONV_AGAIN\&. +.RE +.PP +PAM_AUTH_ERR +.RS 4 +The condition was false\&. +.RE +.PP +PAM_SERVICE_ERR +.RS 4 +A service error occurred or the arguments can\*(Aqt be parsed correctly\&. +.RE +.PP +PAM_USER_UNKNOWN +.RS 4 +User was not found\&. +.RE +.SH "EXAMPLES" +.PP +Skip remaining modules if the user is a system user: +.sp +.if n \{\ +.RS 4 +.\} +.nf +account sufficient pam_usertype\&.so issystem + +.fi +.if n \{\ +.RE +.\} +.SH "SEE ALSO" +.PP +\fBlogin.defs\fR(5), +\fBpam\fR(8) +.SH "AUTHOR" +.PP +Pavel Březina <pbrezina@redhat\&.com> diff --git a/modules/pam_usertype/pam_usertype.8.xml b/modules/pam_usertype/pam_usertype.8.xml new file mode 100644 index 0000000..7651da6 --- /dev/null +++ b/modules/pam_usertype/pam_usertype.8.xml @@ -0,0 +1,199 @@ +<?xml version="1.0" encoding='UTF-8'?> +<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN" + "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd"> + + +<refentry id='pam_usertype'> + <refmeta> + <refentrytitle>pam_usertype</refentrytitle> + <manvolnum>8</manvolnum> + <refmiscinfo class='sectdesc'>Linux-PAM</refmiscinfo> + </refmeta> + + <refnamediv id='pam_usertype-name'> + <refname>pam_usertype</refname> + <refpurpose>check if the authenticated user is a system or regular account</refpurpose> + </refnamediv> + + + <refsynopsisdiv> + <cmdsynopsis id='pam_usertype-cmdsynopsis'> + <command>pam_usertype.so</command> + <arg choice='opt' rep='repeat'><replaceable>flag</replaceable></arg> + <arg choice='req'><replaceable>condition</replaceable></arg> + </cmdsynopsis> + </refsynopsisdiv> + + + <refsect1 id='pam_usertype-description'> + <title>DESCRIPTION</title> + <para> + pam_usertype.so is designed to succeed or fail authentication + based on type of the account of the authenticated user. + The type of the account is decided with help of + <emphasis>SYS_UID_MIN</emphasis> and <emphasis>SYS_UID_MAX</emphasis> + settings in <emphasis>/etc/login.defs</emphasis>. One use is to select + whether to load other modules based on this test. + </para> + + <para> + The module should be given only one condition as module argument. + Authentication will succeed only if the condition is met. + </para> + </refsect1> + + <refsect1 id="pam_usertype-options"> + <title>OPTIONS</title> + <para> + The following <emphasis>flag</emphasis>s are supported: + </para> + + <variablelist> + <varlistentry> + <term><option>use_uid</option></term> + <listitem> + <para> + Evaluate conditions using the account of the user whose UID + the application is running under instead of the user being + authenticated. + </para> + </listitem> + </varlistentry> + <varlistentry> + <term><option>audit</option></term> + <listitem> + <para> + Log unknown users to the system log. + </para> + </listitem> + </varlistentry> + </variablelist> + + <para> + Available <emphasis>condition</emphasis>s are: + </para> + + <variablelist> + <varlistentry> + <term><option>issystem</option></term> + <listitem> + <para>Succeed if the user is a system user.</para> + </listitem> + </varlistentry> + <varlistentry> + <term><option>isregular</option></term> + <listitem> + <para>Succeed if the user is a regular user.</para> + </listitem> + </varlistentry> + </variablelist> + </refsect1> + + <refsect1 id="pam_usertype-types"> + <title>MODULE TYPES PROVIDED</title> + <para> + All module types (<option>account</option>, <option>auth</option>, + <option>password</option> and <option>session</option>) are provided. + </para> + </refsect1> + + <refsect1 id='pam_usertype-return_values'> + <title>RETURN VALUES</title> + <variablelist> + + <varlistentry> + <term>PAM_SUCCESS</term> + <listitem> + <para> + The condition was true. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>PAM_BUF_ERR</term> + <listitem> + <para> + Memory buffer error. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>PAM_CONV_ERR</term> + <listitem> + <para> + The conversation method supplied by the application + failed to obtain the username. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>PAM_INCOMPLETE</term> + <listitem> + <para> + The conversation method supplied by the application + returned PAM_CONV_AGAIN. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>PAM_AUTH_ERR</term> + <listitem> + <para> + The condition was false. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>PAM_SERVICE_ERR</term> + <listitem> + <para> + A service error occurred or the arguments can't be + parsed correctly. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>PAM_USER_UNKNOWN</term> + <listitem> + <para> + User was not found. + </para> + </listitem> + </varlistentry> + </variablelist> + </refsect1> + + + <refsect1 id='pam_usertype-examples'> + <title>EXAMPLES</title> + <para> + Skip remaining modules if the user is a system user: + </para> + <programlisting> +account sufficient pam_usertype.so issystem + </programlisting> + </refsect1> + + <refsect1 id='pam_usertype-see_also'> + <title>SEE ALSO</title> + <para> + <citerefentry> + <refentrytitle>login.defs</refentrytitle><manvolnum>5</manvolnum> + </citerefentry>, + <citerefentry> + <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> + </citerefentry> + </para> + </refsect1> + + <refsect1 id='pam_usertype-author'> + <title>AUTHOR</title> + <para>Pavel Březina <pbrezina@redhat.com></para> + </refsect1> +</refentry> |