Changeset View
Changeset View
Standalone View
Standalone View
head/lib/libpam/modules/pam_login_access/pam_login_access.8
Show All 28 Lines | |||||
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||||
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | ||||
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | ||||
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | ||||
.\" SUCH DAMAGE. | .\" SUCH DAMAGE. | ||||
.\" | .\" | ||||
.\" $FreeBSD$ | .\" $FreeBSD$ | ||||
.\" | .\" | ||||
.Dd January 24, 2002 | .Dd January 30, 2020 | ||||
.Dt PAM_LOGIN_ACCESS 8 | .Dt PAM_LOGIN_ACCESS 8 | ||||
.Os | .Os | ||||
.Sh NAME | .Sh NAME | ||||
.Nm pam_login_access | .Nm pam_login_access | ||||
.Nd login.access PAM module | .Nd login.access PAM module | ||||
.Sh SYNOPSIS | .Sh SYNOPSIS | ||||
.Op Ar service-name | .Op Ar service-name | ||||
.Ar module-type | .Ar module-type | ||||
Show All 12 Lines | |||||
parameter, this is the | parameter, this is the | ||||
.Dq Li account | .Dq Li account | ||||
feature. | feature. | ||||
.Ss Login.access Account Management Module | .Ss Login.access Account Management Module | ||||
The | The | ||||
.Pa login.access | .Pa login.access | ||||
account management component | account management component | ||||
.Pq Fn pam_sm_acct_mgmt , | .Pq Fn pam_sm_acct_mgmt , | ||||
returns success if and only the user is allowed to log in on the | returns success if and only the user is allowed to login on the | ||||
specified tty (in the case of a local login) or from the specified | specified tty (in the case of a local login) or from the specified | ||||
remote host (in the case of a remote login), according to the | remote host (in the case of a remote login), according to the | ||||
restrictions listed in | restrictions listed in | ||||
.Xr login.access 5 . | .Xr login.access 5 . | ||||
.Bl -tag -width ".Cm accessfile=pathname" | |||||
.It Cm accessfile Ns = Ns Ar pathname | |||||
specifies a non-standard location for the | |||||
.Pa login.access | |||||
configuration file | |||||
(normally located in | |||||
.Pa /etc/login.access ) . | |||||
.It Cm nodefgroup | |||||
makes tokens not enclosed in parentheses only match users, requiring groups | |||||
to be specified in parentheses. | |||||
Without | |||||
.Cm nodefgroup | |||||
user and group names are intermingled, with user entries taking precedence | |||||
over group entries. | |||||
This is not backwards compatible with legacy | |||||
.Pa login.access | |||||
configuration files. | |||||
However this mitigates confusion between users and | |||||
groups of the same name. | |||||
.It Cm fieldsep Ns = Ns Ar separators | |||||
changes the field separator from the default ":". | |||||
More than one separator | |||||
may be specified. | |||||
.It Cm listsep Ns = Ns Ar separators | |||||
changes the field separator from the default space (''), tab (\\t) and | |||||
comma (,). | |||||
More than one separator may be specified. | |||||
For example, listsep=; | |||||
will replace the default with a semicolon (;). | |||||
This option may be useful when specifying Active Directory groupnames which | |||||
typically contain spaces. | |||||
.El | |||||
.Sh SEE ALSO | .Sh SEE ALSO | ||||
.Xr pam 3 , | .Xr pam 3 , | ||||
.Xr syslog 3 , | |||||
.Xr login.access 5 , | .Xr login.access 5 , | ||||
.Xr pam.conf 5 | .Xr pam.conf 5 | ||||
.Sh AUTHORS | .Sh AUTHORS | ||||
The | The | ||||
.Xr login.access 5 | .Xr login.access 5 | ||||
access control scheme was designed and implemented by | access control scheme was designed and implemented by | ||||
.An Wietse Venema . | .An Wietse Venema . | ||||
.Pp | .Pp | ||||
Show All 9 Lines |