PAM_DENY(7) | Standards, Environments, and Macros | PAM_DENY(7) |
pam_deny - PAM authentication, account, session and password management PAM module to deny operations
pam_deny.so.1
The pam_deny module implements all the PAM service module functions and returns the module type default failure return code for all calls.
The following options are interpreted:
debug
The following error codes are returned:
PAM_ACCT_EXPIRED
PAM_AUTH_ERR
PAM_AUTHTOK_ERR
PAM_CRED_ERR
PAM_SESSION_ERR
Example 1 Disallowing ssh none authentication
sshd-none auth requisite pam_deny.so.1
sshd-none account requisite pam_deny.so.1
sshd-none session requisite pam_deny.so.1
sshd-none password requisite pam_deny.so.1
Example 2 Disallowing any service not explicitly defined
other auth requisite pam_deny.so.1
other account requisite pam_deny.so.1
other session requisite pam_deny.so.1
other password requisite pam_deny.so.1
See attributes(7) for a description of the following attributes:
ATTRIBUTE TYPE | ATTRIBUTE VALUE |
Interface Stability | Evolving |
MT Level | MT-Safe with exceptions |
syslog(3C), libpam(3LIB), pam(3PAM), pam_sm_authenticate(3PAM), nsswitch.conf(5), pam.conf(5), attributes(7), pam_authtok_check(7), pam_authtok_get(7), pam_authtok_store(7), pam_dhkeys(7), pam_passwd_auth(7), pam_unix_account(7), pam_unix_auth(7), pam_unix_session(7), privileges(7), su(8)
The interfaces in libpam(3LIB) are MT-Safe only if each thread within the multi-threaded application uses its own PAM handle.
The pam_deny module is intended to deny access to a specified service. The other service name may be used to deny access to services not explicitly specified.
August 19, 2023 | OmniOS |