pam_nis.so
pam_listfile.so
.
onerr=succeed|fail
;
sense=allow|deny
;
domain=domainname
;
map=mname
;
value=name
;
item=user|tty|rhost|ruser
;
error=default|userunknown|authfail|permdenied|expired
map
in
the specified domain
to extract a list of groups that the
user is in. If value
is specified, the module checks that
the groups include that value, otherwise only the existence of the key
in the map is tested. If the test is sucessful, the module returns
success or failure depending on the value of sense
. On
failure, the module returns an error based on error
,
which defaults to PAM_AUTH_ERR
. If item
is
not specified, user
is used. If domain
is
not specified, the default domainname for the machine is used. For
testing purposes only, onerr=succeed
will cause the
module to succeed if there is a problem parsing the arguments, etc.
The default if onerror=fail
.
auth sufficient /lib/security/pam_nis.so \ item=user sense=allow map=users.byname value=compsci auth required /lib/security/pam_deny.so
onerr=succeed|fail
;
sense=allow|deny
;
domain=domainname
;
map=mname
;
value=name
;
item=user|tty|rhost|ruser
;
error=default|userunknown|authfail|permdenied|expired
PAM_PERM_DENIED
.
account required /lib/security/pam_nis.so \ item=user sense=deny map=cancelled.byname error=expired