Standards, Environments, and Macros pam_list(5)
NAME
pam_list - PAM account management module for UNIX
SYNOPSIS
pam_list.so.1
DESCRIPTION
The pam_list module implements pam_sm_acct_mgmt(3PAM), which
provides functionality to the PAM account management stack.
The module provides functions to validate that the user's
account is valid on this host based on a list of users
and/or netgroups in the given file. The users and netgroups
are separated by a newline character. A netgroup is specified
by prefixing its name with the character '@' in the
list. The maximum line length is 1023 characters.
The username is the value of PAM_USER. The host is the value
of PAM_RHOST or, if PAM_RHOST is not set, the name of the
local host as returned by gethostname(3C).
If none of the allow, deny, or compat options is specified,
the module looks for +/- entries in the local
/etc/passwd file. If this style is used, nsswitch.conf(4)
must not be configured with compat for the passwd database.
If no relevant +/- entry exists for the user, pam_list does
not participate in the result.
If the compat option is specified, the module looks for
+/- entries in the local /etc/passwd file. Other entries in
this file are counted as + entries. If no relevant entry
exists for the user, pam_list denies access.
The following options can be passed to the module:
allow=             The full pathname to a file of allowed
                   users and/or netgroups. Only one of
                   allow= or deny= can be specified.
compat             Activate compat mode.
deny=              The full pathname to a file of denied
                   users and/or netgroups. Only one of deny=
                   or allow= can be specified.
SunOS 5.11 Last change: 26 Jan 2009 1
debug              Provide syslog(3C) debugging information
                   at the LOG_AUTH LOG_DEBUG level.
user               The module should only perform netgroup
                   matches on the username. This is the
                   default option.
nouser             The username should not be used in the
                   netgroup match.
host               Only the host should be used in netgroup
                   matches.
nohost             The hostname should not be used in
                   netgroup matches.
user_host_exact    The user and hostname must be in the same
                   netgroup.
ERRORS
The following error values are returned:
PAM_SERVICE_ERR    An invalid set of module options was
                   given in pam.conf(4) for this
                   module, or the user/netgroup file could
                   not be opened.
PAM_BUF_ERR        A memory buffer error occurred.
PAM_IGNORE         The module is ignored, as it is not
                   participating in the result.
PAM_PERM_DENIED    The user is not on the allow list or is
                   on the deny list.
PAM_SUCCESS        The account is valid for use at this
                   time.
PAM_USER_UNKNOWN   No account is present for the user.
EXAMPLES
In the case of default mode or compat mode, the important
lines in /etc/passwd appear as follows:
+loginname - user is approved
-loginname - user is disapproved
+@netgroup - netgroup members are approved
-@netgroup - netgroup members are disapproved
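The difference between default mode and compat mode, shown as an added example that is not part of the original manual page or of the module's source. It assumes that the first matching entry decides, models only user-name matching (the default user option), and takes netgroup membership from a dictionary instead of a name service lookup; evaluate(), SAMPLE_PASSWD and SAMPLE_NETGROUPS are hypothetical names.

```python
# Added illustration of the default/compat decision described in DESCRIPTION.
# Assumptions (not stated on the page): the first matching entry decides,
# blank or over-long lines are skipped, and netgroup membership is supplied
# by the caller rather than looked up through a name service.

PAM_SUCCESS = "PAM_SUCCESS"
PAM_PERM_DENIED = "PAM_PERM_DENIED"
PAM_IGNORE = "PAM_IGNORE"
MAX_LINE = 1023  # maximum line length given in DESCRIPTION

# Constructed sample input (not taken from a real system).
SAMPLE_PASSWD = """root:x:0:0:Super-User:/root:/usr/bin/bash
+alice::::::
-bob
+@admins
-@contractors
"""
SAMPLE_NETGROUPS = {"admins": {"carol"}, "contractors": {"carol", "dave"}}


def evaluate(passwd_text, user, netgroups, compat=False):
    """Return the module result for `user` from the entries in passwd_text.

    netgroups maps a netgroup name to the set of user names it contains.
    """
    for line in passwd_text.splitlines():
        if not line or len(line) > MAX_LINE:
            continue
        name = line.split(":", 1)[0]
        if name[:1] in ("+", "-"):
            sign, name = name[0], name[1:]
        elif compat:
            sign = "+"  # compat mode: other entries count as + entries
        else:
            continue  # default mode only looks at +/- entries
        if name.startswith("@"):
            matched = user in netgroups.get(name[1:], set())
        else:
            matched = name == user
        if matched:
            return PAM_SUCCESS if sign == "+" else PAM_PERM_DENIED
    # No relevant entry: compat mode denies, default mode does not participate.
    return PAM_PERM_DENIED if compat else PAM_IGNORE
```

A user with no entry gets PAM_IGNORE in default mode, so the rest of the account stack decides, while the same user is denied in compat mode.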
ATTRIBUTES
See attributes(5) for descriptions of the following
attributes:
ATTRIBUTE TYPE         ATTRIBUTE VALUE
Interface Stability    Committed
MT-Level               MT-Safe with exceptions
The interfaces in libpam(3LIB) are MT-Safe only if each
thread within the multithreaded application uses its own PAM
handle.
SEE ALSO
pam(3PAM), pam_authenticate(3PAM), pam_sm_acct_mgmt(3PAM),
syslog(3C), libpam(3LIB), nsswitch.conf(4), pam.conf(4),
attributes(5)