-
Notifications
You must be signed in to change notification settings - Fork 9
/
pam_hbac.8.txt
56 lines (44 loc) · 1.91 KB
/
pam_hbac.8.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
pam_hbac(8)
===========
:revdate: 2016-02-25
NAME
----
pam_hbac - A PAM account module that evaluates HBAC rules stored on an
IPA server
SYNOPSIS
--------
pam_hbac.so [...]
OPTIONS
-------
* *config=/path/to/file* - the path to a non-default config file. Most
installations should not use this option, but rather use the config file
at the default location. Please see the *pam_hbac.conf(5)* man page for
more details about the configuration file.
* *ignore_unknown_user* - by default, `pam_hbac` returns `PAM_UNKNOWN_USER`
if the user requesting access is not found. If this option is enabled, `pam_hbac`
will return `PAM_IGNORE` instead, causing the PAM stack to ignore this module.
* *ignore_authinfo_unavail* - by default, `pam_hbac` returns `PAM_AUTHINFO_UNAVAIL`
if connecting to the host fails. If this option is enabled, `pam_hbac`
will return `PAM_IGNORE` instead, causing the PAM stack to ignore this module.
* *debug* - by default, `pam_hbac` logs only messages with priority at least
`LOG_ERR`. If this option is enabled log messages of all priorities are printed.
MODULE TYPES PROVIDED
---------------------
Only the *account* module type is supported.
EXAMPLE
-------
Please note the particular PAM configuration depends on your operating
system and version. On most systems, the PAM configuration would be simply:
[source,bash]
account sufficient pam_localuser.so
account required pam_hbac.so
Adding the `pam_localuser.so` module ensures that pam_hbac wouldn't be
called for local users defined in /etc/passwd.
PLATFORM-SPECIFIC DOCUMENTATION
-------------------------------
Your distribution should contain files specific to a certain platform. The files
are named README.$platform (for example, README.RHEL-5) and are typically located
in a docs directory. On Linux, that would be `/usr/share/doc/pam_hbac/`.
SEE ALSO
--------
* *pam_hbac.conf(5)* - The configuration file of the pam_hbac.so access module