Switch to SpeakEasy.net DSL

The Modular Manual Browser

Home Page
Manual: (SunOS-5.10)
Apropos / Subsearch:
optional field

pam_deny(5)           Standards, Environments, and Macros          pam_deny(5)

       pam_deny - PAM module to deny operations


       The pam_deny module implements all the PAM service module functions and
       returns the module type default failure return code for all calls.

       The following options are interpreted:

       debug           syslog(3C)  debugging  information  at   LOG_AUTH   and
                       LOG_DEBUG levels

       The authentication service returns the following error codes:

       PAM_ACCT_EXPIRED        If pam_sm_acct_mgmt is called.

       PAM_AUTH_ERR            If pam_sm_authenticate is called.

       PAM_AUTHOK_ERR          If pam_sm_chauthtok is called.

       PAM_CRED_ERR            If pam_sm_setcred is called.

       PAM_SESSION_ERR         If  pam_sm_open_session or pam_sm_close_session
                               are called.

       Example 1: Disabling a specified service

       The following example shows how to disable the service ssh-none authen-
       tication type:

        sshd-none       auth    pam_deny.so.1
        sshd-none       account pam_deny.so.1
        sshd-none       session pam_deny.so.1
        sshd-none       password pam_deny.so.1

       Example 2: Disabling all sevices

       The  following  example  shows how to disable all services that are not
       explicitly defined:

            other           auth    pam_deny.so.1
            other           account pam_deny.so.1
            other           session pam_deny.so.1
            other           password pam_deny.so.1

       See attributes(5) for a description of the following attributes:

       tab()    allbox;    cw(2.750000i)|     cw(2.750000i)     lw(2.750000i)|
       lw(2.750000i).  ATTRIBUTE TYPEATTRIBUTE VALUE Interface StabilityEvolv-
       ing MT LevelMT-Safe with exceptions

       su(1M), libpam(3LIB), pam(3PAM), pam_sm_authenticate(3PAM), syslog(3C),
       pam.conf(4),   nsswitch.conf(4),  attributes(5),  pam_authtok_check(5),
       pam_authtok_get(5),        pam_authtok_store(5),         pam_dhkeys(5),
       pam_passwd_auth(5),        pam_unix_account(5),       pam_unix_auth(5),
       pam_unix_session(5), privileges(5)

       The interfaces in libpam(3LIB) are MT-Safe only if each  thread  within
       the multi-threaded application uses its own PAM handle.

       This  module  is  intended to be used to either deny access to specific
       services names, or to all service names not  specified  (by  specifying
       pam_deny.so.1 as the default, "other", service stack).

SunOS 5.10                        19 Apr 2004                      pam_deny(5)