PAM_DENY(7) Standards, Environments, and Macros PAM_DENY(7)

pam_deny - PAM authentication, account, session and password management PAM module to deny operations

The pam_deny module implements all the PAM service module functions and returns the module type default failure return code for all calls.

The following options are interpreted:


syslog(3C) debugging information at the LOG_AUTH|LOG_DEBUG levels

The following error codes are returned:


If pam_sm_acct_mgmt is called.


If pam_sm_authenticate is called.


If pam_sm_chauthtok is called.


If pam_sm_setcred is called.


If pam_sm_open_session or pam_sm_close_session is called.

Example 1 Disallowing ssh none authentication

sshd-none auth requisite
sshd-none account requisite
sshd-none session requisite
sshd-none password requisite

Example 2 Disallowing any service not explicitly defined

other auth requisite
other account requisite
other session requisite
other password requisite

See attributes(7) for a description of the following attributes:

Interface Stability Evolving
MT Level MT-Safe with exceptions

syslog(3C), libpam(3LIB), pam(3PAM), pam_sm_authenticate(3PAM), nsswitch.conf(5), pam.conf(5), attributes(7), pam_authtok_check(7), pam_authtok_get(7), pam_authtok_store(7), pam_dhkeys(7), pam_passwd_auth(7), pam_unix_account(7), pam_unix_auth(7), pam_unix_session(7), privileges(7), su(8)

The interfaces in libpam(3LIB) are MT-Safe only if each thread within the multi-threaded application uses its own PAM handle.

The pam_deny module is intended to deny access to a specified service. The other service name may be used to deny access to services not explicitly specified.

August 19, 2023 OmniOS