PAM_SUCCEED_IF(8) | Linux-PAM Manual | PAM_SUCCEED_IF(8) |
NAME
pam_succeed_if - test account characteristics
SYNOPSIS
pam_succeed_if.so [flag...] [condition...]
DESCRIPTION
pam_succeed_if.so is designed to succeed or fail authentication based on characteristics of the account belonging to the user being authenticated or values of other PAM items. One use is to select whether to load other modules based on this test.
The module should be given one or more conditions as module arguments, and authentication will succeed only if all of the conditions are met.
OPTIONS
The following flags are supported:
debug
use_uid
quiet
quiet_fail
quiet_success
audit
Conditions are three words: a field, a test, and a value to test for.
Available fields are user, uid, gid, shell, home, ruser, rhost, tty and service:
field < number
field <= number
field eq number
field >= number
field > number
field ne number
field = string
field != string
field =~ glob
field !~ glob
field in item:item:...
field notin item:item:...
user ingroup group[:group:....]
user notingroup group[:group:....]
user innetgr netgroup
user notinnetgr group
MODULE TYPES PROVIDED
All module types (account, auth, password and session) are provided.
RETURN VALUES
PAM_SUCCESS
PAM_AUTH_ERR
PAM_SERVICE_ERR
EXAMPLES
To emulate the behaviour of pam_wheel, except there is no fallback to group 0 being only approximated by checking also the root group membership:
auth required pam_succeed_if.so quiet user ingroup wheel:root
Given that the type matches, only loads the othermodule rule if the UID is over 500. Adjust the number after default to skip several rules.
type [default=1 success=ignore] pam_succeed_if.so quiet uid > 500 type required othermodule.so arguments...
SEE ALSO
AUTHOR
Nalin Dahyabhai <nalin@redhat.com>
08/28/2024 | Linux-PAM |