From 9ada0093e92388590c7368600ca4e9e3e376f0d0 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Sun, 7 Apr 2024 16:22:51 +0200 Subject: Adding upstream version 1.5.2. Signed-off-by: Daniel Baumann --- modules/pam_succeed_if/pam_succeed_if.8.xml | 307 ++++++++++++++++++++++++++++ 1 file changed, 307 insertions(+) create mode 100644 modules/pam_succeed_if/pam_succeed_if.8.xml (limited to 'modules/pam_succeed_if/pam_succeed_if.8.xml') diff --git a/modules/pam_succeed_if/pam_succeed_if.8.xml b/modules/pam_succeed_if/pam_succeed_if.8.xml new file mode 100644 index 0000000..14d939a --- /dev/null +++ b/modules/pam_succeed_if/pam_succeed_if.8.xml @@ -0,0 +1,307 @@ + + + + + + + + + + pam_succeed_if + 8 + Linux-PAM + + + + pam_succeed_if + test account characteristics + + + + + + pam_succeed_if.so + flag + condition + + + + + + DESCRIPTION + + pam_succeed_if.so is designed to succeed or fail authentication + based on characteristics of the account belonging to the user being + authenticated or values of other PAM items. One use is to select whether + to load other modules based on this test. + + + + The module should be given one or more conditions as module arguments, + and authentication will succeed only if all of the conditions are met. + + + + + OPTIONS + + The following flags are supported: + + + + + + + Turns on debugging messages sent to syslog. + + + + + + + Evaluate conditions using the account of the user whose UID + the application is running under instead of the user being + authenticated. + + + + + + + Don't log failure or success to the system log. + + + + + + + Don't log failure to the system log. + + + + + + + + Don't log success to the system log. + + + + + + + + Log unknown users to the system log. + + + + + + + Conditions are three words: a field, a test, + and a value to test for. + + + Available fields are user, + uid, gid, + shell, home, + ruser, rhost, + tty and service: + + + + + + + Field has a value numerically less than number. + + + + + + + Field has a value numerically less than or equal to number. + + + + + + + + Field has a value numerically equal to number. + + + + + + + + Field has a value numerically greater than or equal to number. + + + + + + + + Field has a value numerically greater than number. + + + + + + + + Field has a value numerically different from number. + + + + + + + + Field exactly matches the given string. + + + + + + + + Field does not match the given string. + + + + + + + Field matches the given glob. + + + + + + Field does not match the given glob. + + + + + + Field is contained in the list of items separated by colons. + + + + + + Field is not contained in the list of items separated by colons. + + + + + + User is in given group(s). + + + + + + User is not in given group(s). + + + + + + (user,host) is in given netgroup. + + + + + + (user,host) is not in given netgroup. + + + + + + + MODULE TYPES PROVIDED + + All module types (, , + and ) are provided. + + + + + RETURN VALUES + + + + PAM_SUCCESS + + + The condition was true. + + + + + + PAM_AUTH_ERR + + + The condition was false. + + + + + + PAM_SERVICE_ERR + + + A service error occurred or the arguments can't be + parsed correctly. + + + + + + + + + EXAMPLES + + To emulate the behaviour of pam_wheel, except + there is no fallback to group 0 being only approximated by checking also the root group membership: + + +auth required pam_succeed_if.so quiet user ingroup wheel:root + + + + Given that the type matches, only loads the othermodule rule if + the UID is over 500. Adjust the number after default to skip + several rules. + + +type [default=1 success=ignore] pam_succeed_if.so quiet uid > 500 +type required othermodule.so arguments... + + + + + SEE ALSO + + + glob7 + , + + pam8 + + + + + + AUTHOR + Nalin Dahyabhai <nalin@redhat.com> + + -- cgit v1.2.3