pam_localuser

pam_localuser - require users to be listed in /etc/passwd

Synopsis

pam_localuser.so [debug] [file=/path/passwd]

DESCRIPTION

pam_localuser is a PAM module to help implementing site-wide login policies, where they typically include a subset of the network's users and a few accounts that are local to a particular workstation. Using pam_localuser and pam_wheel or pam_listfile is an effective way to restrict access to either local users and/or a subset of the network's users.

This could also be implemented using pam_listfile.so and a very short awk script invoked by cron, but it's common enough to have been separated out.

OPTIONS

debug

Print debug information.

file=/path/passwd

Use a file other than FC/etc/passwdF[].

MODULE TYPES PROVIDED

All module types (account, auth, password and session) are provided.

RETURN VALUES

PAM_SUCCESS

The new localuser was set successfully.

PAM_SERVICE_ERR

No username was given.

PAM_USER_UNKNOWN

User not known.

EXAMPLES

Add the following line to FC/etc/pam.d/suF[] to allow only local users in group wheel to use su.

 
 
 account sufficient pam_localuser.so
 account required pam_wheel.so
       
 

 

FILES

FC/etc/passwdF[]

Local user account information.

SEE ALSO

pam.conf(5), pam.d(5), pam(8)

AUTHOR

pam_localuser was written by Nalin Dahyabhai <nalin@redhat.com>.