blob: 2f021013611fa4f662fdc46cb15c441b9ef855fa (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
|
'\" t
.\" Title: pam_usertype
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
.\" Date: 09/03/2021
.\" Manual: Linux-PAM
.\" Source: Linux-PAM
.\" Language: English
.\"
.TH "PAM_USERTYPE" "8" "09/03/2021" "Linux-PAM" "Linux\-PAM"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
pam_usertype \- check if the authenticated user is a system or regular account
.SH "SYNOPSIS"
.HP \w'\fBpam_usertype\&.so\fR\ 'u
\fBpam_usertype\&.so\fR [\fIflag\fR...] {\fIcondition\fR}
.SH "DESCRIPTION"
.PP
pam_usertype\&.so is designed to succeed or fail authentication based on type of the account of the authenticated user\&. The type of the account is decided with help of
\fISYS_UID_MIN\fR
and
\fISYS_UID_MAX\fR
settings in
\fI/etc/login\&.defs\fR\&. One use is to select whether to load other modules based on this test\&.
.PP
The module should be given only one condition as module argument\&. Authentication will succeed only if the condition is met\&.
.SH "OPTIONS"
.PP
The following
\fIflag\fRs are supported:
.PP
\fBuse_uid\fR
.RS 4
Evaluate conditions using the account of the user whose UID the application is running under instead of the user being authenticated\&.
.RE
.PP
\fBaudit\fR
.RS 4
Log unknown users to the system log\&.
.RE
.PP
Available
\fIcondition\fRs are:
.PP
\fBissystem\fR
.RS 4
Succeed if the user is a system user\&.
.RE
.PP
\fBisregular\fR
.RS 4
Succeed if the user is a regular user\&.
.RE
.SH "MODULE TYPES PROVIDED"
.PP
All module types (\fBaccount\fR,
\fBauth\fR,
\fBpassword\fR
and
\fBsession\fR) are provided\&.
.SH "RETURN VALUES"
.PP
PAM_SUCCESS
.RS 4
The condition was true\&.
.RE
.PP
PAM_BUF_ERR
.RS 4
Memory buffer error\&.
.RE
.PP
PAM_CONV_ERR
.RS 4
The conversation method supplied by the application failed to obtain the username\&.
.RE
.PP
PAM_INCOMPLETE
.RS 4
The conversation method supplied by the application returned PAM_CONV_AGAIN\&.
.RE
.PP
PAM_AUTH_ERR
.RS 4
The condition was false\&.
.RE
.PP
PAM_SERVICE_ERR
.RS 4
A service error occurred or the arguments can\*(Aqt be parsed correctly\&.
.RE
.PP
PAM_USER_UNKNOWN
.RS 4
User was not found\&.
.RE
.SH "EXAMPLES"
.PP
Skip remaining modules if the user is a system user:
.sp
.if n \{\
.RS 4
.\}
.nf
account sufficient pam_usertype\&.so issystem
.fi
.if n \{\
.RE
.\}
.SH "SEE ALSO"
.PP
\fBlogin.defs\fR(5),
\fBpam\fR(8)
.SH "AUTHOR"
.PP
Pavel Březina <pbrezina@redhat\&.com>
|
