Title: pam_succeed_if Author: [see the "AUTHOR" section] Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/> Date: 09/19/2013 Manual: Linux-PAM Source: Linux-PAM Language: English
NAMEpam_succeed_if - test account characteristics
- pam_succeed_if.so [flag...] [condition...]
The module should be given one or more conditions as module arguments, and authentication will succeed only if all of the conditions are met.
The following flags are supported:
- Turns on debugging messages sent to syslog.
- Evaluate conditions using the account of the user whose UID the application is running under instead of the user being authenticated.
- Don't log failure or success to the system log.
- Don't log failure to the system log.
- Don't log success to the system log.
- Log unknown users to the system log.
Conditions are three words: a field, a test, and a value to test for.
Available fields are user, uid, gid, shell, home, ruser, rhost, tty and service:
field < number
- Field has a value numerically less than number.
field <= number
- Field has a value numerically less than or equal to number.
field eq number
- Field has a value numerically equal to number.
field >= number
- Field has a value numerically greater than or equal to number.
field > number
- Field has a value numerically greater than number.
field ne number
- Field has a value numerically different from number.
field = string
- Field exactly matches the given string.
field != string
- Field does not match the given string.
field =~ glob
- Field matches the given glob.
field !~ glob
- Field does not match the given glob.
field in item:item:...
- Field is contained in the list of items separated by colons.
field notin item:item:...
- Field is not contained in the list of items separated by colons.
user ingroup group
- User is in given group.
user notingroup group
- User is not in given group.
user innetgr netgroup
- (user,host) is in given netgroup.
user notinnetgr group
- (user,host) is not in given netgroup.
MODULE TYPES PROVIDED
All module types (account, auth, password and session) are provided.
- The condition was true.
- The condition was false.
- A service error occurred or the arguments can't be parsed correctly.
To emulate the behaviour of pam_wheel, except there is no fallback to group 0:
auth required pam_succeed_if.so quiet user ingroup wheel
Given that the type matches, only loads the othermodule rule if the UID is over 500. Adjust the number after default to skip several rules.
type [default=1 success=ignore] pam_succeed_if.so quiet uid > 500 type required othermodule.so arguments...
Nalin Dahyabhai <email@example.com>