More about modules.
This commit is contained in:
Dag-Erling Smørgrav
parent
62559796f4
commit
ed805b7479
Notes:
svn2git
2020-12-08 03:00:23 +00:00
svn path=/head/; revision=16015
1 changed files with 32 additions and 23 deletions
|
|
@ -931,22 +931,32 @@ sshd password required pam_permit.so</programlisting>
|
|||
<title id="pam-modules-deny.title">&man.pam.deny.8;</title>
|
||||
|
||||
<para>The &man.pam.deny.8; module is one of the simplest modules
|
||||
available; it resonds <literal>PAM_AUTH_ERR</literal> to all
|
||||
requests. It is useful for quickly disabling a service (add
|
||||
it to the top of every chain), or for terminating chains of
|
||||
<literal>sufficient</literal> modules.</para>
|
||||
available; it responds to any request with
|
||||
<literal>PAM_AUTH_ERR</literal>. It is useful for quickly
|
||||
disabling a service (add it to the top of every chain), or for
|
||||
terminating chains of <literal>sufficient</literal>
|
||||
modules.</para>
|
||||
</section>
|
||||
|
||||
<section id="pam-modules-echo">
|
||||
<title id="pam-modules-echo.title">&man.pam.echo.8;</title>
|
||||
|
||||
<para>The &man.pam.echo.8; module</para>
|
||||
<para>The &man.pam.echo.8; module simply passes its arguments to
|
||||
the conversation function as a
|
||||
<literal>PAM_TEXT_INFO</literal> message. It is mostly useful
|
||||
for debugging, but can also serve to display messages such as
|
||||
<quote>Unauthorized access will be prosecuted</quote> before
|
||||
starting the authentication procedure.</para>
|
||||
</section>
|
||||
|
||||
<section id="pam-modules-exec">
|
||||
<title id="pam-modules-exec.title">&man.pam.exec.8;</title>
|
||||
|
||||
<para>The &man.pam.exec.8; module</para>
|
||||
<para>The &man.pam.exec.8; module takes its first argument to be
|
||||
the name of a program to execute, and the remaining arguments
|
||||
are passed to that program as command-line arguments. One
|
||||
possible application is to use it to run a program at login
|
||||
time which mounts the user's home directory.</para>
|
||||
</section>
|
||||
|
||||
<section id="pam-modules-ftp">
|
||||
|
|
@ -961,6 +971,17 @@ sshd password required pam_permit.so</programlisting>
|
|||
<para>The &man.pam.ftpusers.8; module</para>
|
||||
</section>
|
||||
|
||||
<section id="pam-modules-group">
|
||||
<title id="pam-modules-group.title">&man.pam.group.8;</title>
|
||||
|
||||
<para>The &man.pam.group.8; module accepts or rejects applicants
|
||||
on the basis of their membership in a particular file group
|
||||
(normally <literal>wheel</literal> for &man.su.1;). It is
|
||||
primarily intended for maintaining the traditional behaviour
|
||||
of BSD &man.su.1;, but has many other uses, such as excluding
|
||||
certain groups of users from a particular service.</para>
|
||||
</section>
|
||||
|
||||
<section id="pam-modules-kerberosIV">
|
||||
<title id="pam-modules-kerberosIV.title">&man.pam.kerberosIV.8;</title>
|
||||
|
||||
|
|
@ -1023,7 +1044,7 @@ sshd password required pam_permit.so</programlisting>
|
|||
authentication from untrusted hosts.</para>
|
||||
|
||||
<para>In order to be effective, the &man.pam.opieaccess.8;
|
||||
module must be listed as <literal>required</literal>
|
||||
module must be listed as <literal>requisite</literal>
|
||||
immediately after a <literal>sufficient</literal> entry for
|
||||
&man.pam.opie.8;, and before any other modules, in the
|
||||
<literal>auth</literal> chain.</para>
|
||||
|
|
@ -1039,9 +1060,10 @@ sshd password required pam_permit.so</programlisting>
|
|||
<title id="pam-modules-permit.title">&man.pam.permit.8;</title>
|
||||
|
||||
<para>The &man.pam.permit.8; module is one of the simplest
|
||||
modules available; it responds <literal>PAM_SUCCESS</literal>
|
||||
to all requests. It is useful as a placeholder for services
|
||||
where one or more chains would otherwise be empty.</para>
|
||||
modules available; it responds to any request with
|
||||
<literal>PAM_SUCCESS</literal>. It is useful as a placeholder
|
||||
for services where one or more chains would otherwise be
|
||||
empty.</para>
|
||||
</section>
|
||||
|
||||
<section id="pam-modules-radius">
|
||||
|
|
@ -1108,19 +1130,6 @@ sshd password required pam_permit.so</programlisting>
|
|||
maintain historical behaviour for at least some
|
||||
services.</para>
|
||||
</section>
|
||||
|
||||
<section id="pam-modules-wheel">
|
||||
<title id="pam-modules-wheel.title">&man.pam.wheel.8;</title>
|
||||
|
||||
<para>The &man.pam.wheel.8; module rejects applicant which are
|
||||
not members of the <literal>wheel</literal> group, or some
|
||||
other file group specified in the module options. It is
|
||||
primarily intended for maintaining the traditional behaviour
|
||||
of BSD &man.su.1;. Linux and SysV-derived Unices generally do
|
||||
not enforce <literal>wheel</literal> membership, so some
|
||||
admins may wish to disable this for consistency with other
|
||||
systems in their network.</para>
|
||||
</section>
|
||||
</section>
|
||||
|
||||
<section id="pam-appl-prog">
|
||||
|
|
|
|||
Loading…
Reference in a new issue