3 pam_access module docs added by Tim Berger <timb@transmeta.com>
7 <sect1> The access module
14 <tag><bf>Module Name:</bf></tag>
19 <tag><bf>Author[s]:</bf></tag>
21 Alexei Nogin <alexei@nogin.dnttm.ru>
23 <tag><bf>Maintainer:</bf></tag>
27 <tag><bf>Management groups provided:</bf></tag>
31 <tag><bf>Cryptographically sensitive:</bf></tag>
33 <tag><bf>Security rating:</bf></tag>
35 <tag><bf>Clean code base:</bf></tag>
37 <tag><bf>System dependencies:</bf></tag>
38 Requires a configuration file. By default
39 <tt>/etc/security/access.conf</tt> is used but this can be overridden.
41 <tag><bf>Network aware:</bf></tag>
43 Through <tt/PAM_TTY/ if set, otherwise attempts getting tty name of
44 the stdin file descriptor with <tt/ttyname()/. Standard
45 gethostname(), <tt/yp_get_default_domain()/, <tt/gethostbyname()/
46 calls. <bf/NIS/ is used for netgroup support.
50 <sect2>Overview of module
53 Provides logdaemon style login access control.
55 <sect2> Account component
60 <tag><bf>Recognized arguments:</bf></tag>
62 <tt>accessconf=<it>/path/to/file.conf</it></tt>
64 <tag><bf>Description:</bf></tag>
66 This module provides logdaemon style login access control based on
67 login names and on host (or domain) names, internet addresses (or
68 network numbers), or on terminal line names in case of non-networked
69 logins. Diagnostics are reported through <tt/syslog(3)/. Wietse
70 Venema's <tt/login_access.c/ from <em/logdaemon-5.6/ is used with
71 several changes by A. Nogin.
74 The behavior of this module can be modified with the following
78 <item><tt>accessconf=/path/to/file.conf</tt> -
79 indicate an alternative <em/access/ configuration file to override
80 the default. This can be useful when different services need different
85 <tag><bf>Examples/suggested usage:</bf></tag>
87 Use of module is recommended, for example, on administrative machines
88 such as <bf/NIS/ servers and mail servers where you need several accounts
89 active but don't want them all to have login capability.
91 For <tt>/etc/pam.d</tt> style configurations where your modules live
92 in <tt>/lib/security</tt>, start by adding the following line to
93 <tt>/etc/pam.d/login</tt>, <tt>/etc/pam.d/rlogin</tt>,
94 <tt>/etc/pam.d/rsh</tt> and <tt>/etc/pam.d/ftp</tt>:
98 account required /lib/security/pam_access.so
102 Note that use of this module is not effective unless your system ignores
103 <tt>.rhosts</tt> files. See the the pam_rhosts_auth documentation.
105 A sample <tt>access.conf</tt> configuration file is included with the