Man Pages Section 5: Standards, Environments, and Macros


Updated: July 2014
 
 

pam_deny(5)

Name

pam_deny - PAM authentication, account, session and password management PAM module to deny operations

Synopsis

pam_deny.so.1

Description

The pam_deny module implements all the PAM service module functions and returns the module type default failure return code for all calls.

The following options are interpreted:

debug

syslog(3C) debugging information at the LOG_AUTH|LOG_DEBUG levels

Errors

The following error codes are returned:

PAM_ACCT_EXPIRED

If pam_sm_acct_mgmt is called.

PAM_AUTH_ERR

If pam_sm_authenticate is called.

PAM_AUTHTOK_ERR

If pam_sm_chauthtok is called.

PAM_CRED_ERR

If pam_sm_setcred is called.

PAM_SESSION_ERR

If pam_sm_open_session or pam_sm_close_session is called.

Examples

Example 1 Disallowing ssh none authentication

The following example is a pam.conf fragment that illustrates how to deny the SSHv2 userauth of “none”:


 sshd-none      auth       requisite   pam_deny.so.1
 sshd-none      account    requisite   pam_deny.so.1
 sshd-none      session    requisite   pam_deny.so.1
 sshd-none      password   requisite   pam_deny.so.1

The equivalent configuration in /etc/pam.d/ would be the following entries in /etc/pam.d/sshd-none:

auth      requisite   pam_deny.so.1
account   requisite   pam_deny.so.1
session   requisite   pam_deny.so.1
password  requisite   pam_deny.so.1

Example 2 Disallowing any service not explicitly defined

The following example is a pam.conf fragment that illustrates how to deny any PAM service which is not explicitly defined in the PAM configuration:


 other          auth       requisite   pam_deny.so.1
 other          account    requisite   pam_deny.so.1
 other          session    requisite   pam_deny.so.1
 other          password   requisite   pam_deny.so.1

The equivalent configuration in /etc/pam.d/ would be the following entries in /etc/pam.d/other:

auth      requisite   pam_deny.so.1
account   requisite   pam_deny.so.1
session   requisite   pam_deny.so.1
password  requisite   pam_deny.so.1
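
The check below is an added example, not part of the original manual page or of Solaris: it parses pam.conf text and reports, per module type, whether the stack for the other service starts with a fail-closed pam_deny.so.1 entry as in Example 2. The function names, the sample fragments, and the simplified comment and case handling are assumptions of this sketch.

```python
import os

MODULE_TYPES = ("auth", "account", "session", "password")
FAIL_CLOSED_FLAGS = {"requisite", "required"}  # a failure here fails the stack

def parse_pam_conf(text):
    """Yield (service, module_type, control_flag, module_path) per entry."""
    for raw in text.splitlines():
        # Assumption: '#' starts a comment anywhere on the line.
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 4:
            continue  # blank, comment-only, or malformed line
        service, mtype, flag, path = fields[:4]
        # Assumption: the first three fields are compared case-insensitively.
        yield service.lower(), mtype.lower(), flag.lower(), path

def audit_default_deny(text, service="other"):
    """Map each module type to True if its stack for `service` starts with pam_deny."""
    first = {}
    for svc, mtype, flag, path in parse_pam_conf(text):
        if svc == service and mtype not in first:
            first[mtype] = (flag, os.path.basename(path))
    result = {}
    for mtype in MODULE_TYPES:
        flag, module = first.get(mtype, (None, None))
        # Conservative rule: only the first entry of the stack is trusted.
        result[mtype] = flag in FAIL_CLOSED_FLAGS and module == "pam_deny.so.1"
    return result

# Constructed sample: the fragment from Example 2.
HARDENED = """
 other          auth       requisite   pam_deny.so.1
 other          account    requisite   pam_deny.so.1
 other          session    requisite   pam_deny.so.1
 other          password   requisite   pam_deny.so.1
"""

# Constructed sample: account falls through to another module, session is missing.
WEAK = """
# default stack
other   auth      requisite   pam_deny.so.1
other   account   required    pam_unix_account.so.1
other   password  requisite   pam_deny.so.1
"""

if __name__ == "__main__":
    for name, conf in (("hardened", HARDENED), ("weak", WEAK)):
        print(name, audit_default_deny(conf))
```

A module type that reports False is either absent from the other stack or begins with a module other than pam_deny.so.1, so an undefined service would not be denied for that type by pam_deny.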

Attributes

See attributes(5) for a description of the following attributes:

ATTRIBUTE TYPE        ATTRIBUTE VALUE
Interface Stability   Committed
MT-Level              MT-Safe with exceptions

See Also

su(1M), libpam(3LIB), pam(3PAM), pam_sm_authenticate(3PAM), syslog(3C), pam.conf(4), nsswitch.conf(4), attributes(5), pam_authtok_check(5), pam_authtok_get(5), pam_authtok_store(5), pam_dhkeys(5), pam_passwd_auth(5), pam_unix_account(5), pam_unix_auth(5), pam_unix_session(5), privileges(5)

Notes

The interfaces in libpam(3LIB) are MT-Safe only if each thread within the multi-threaded application uses its own PAM handle.

The pam_deny module is intended to deny access to a specified service. The other service name may be used to deny access to services not explicitly specified.