4 This file was written by Michael K. Johnson <johnsonm@redhat.com>
7 <sect1>The no-login module
14 <tag><bf>Module Name:</bf></tag>
17 <tag><bf>Author:</bf></tag>
18 Written by Michael K. Johnson <johnsonm@redhat.com><newline>
20 <tag><bf>Maintainer:</bf></tag>
22 <tag><bf>Management groups provided:</bf></tag>
23 account; authentication
25 <tag><bf>Cryptographically sensitive:</bf></tag>
27 <tag><bf>Security rating:</bf></tag>
29 <tag><bf>Clean code base:</bf></tag>
31 <tag><bf>System dependencies:</bf></tag>
33 <tag><bf>Network aware:</bf></tag>
37 <sect2>Overview of module
40 Provides standard Unix <em/nologin/ authentication.
42 <sect2>Authentication component
47 <tag><bf>Recognized arguments:</bf></tag>
48 successok, file=<<em/filename/>
50 <tag><bf>Description:</bf></tag>
52 Provides standard Unix <em/nologin/ authentication. If the file
53 <tt>/etc/nologin</tt> exists, only root is allowed to log in; other
54 users are turned away with an error message (and the module returns
55 <tt/PAM_AUTH_ERR/ or <tt/PAM_USER_UNKNOWN/). All users (root or
56 otherwise) are shown the contents of <tt>/etc/nologin</tt>.
59 If the file <tt>/etc/nologin</tt> does not exist, this module defaults
60 to returning <tt/PAM_IGNORE/, but the <tt/successok/ module argument
61 causes it to return <tt/PAM_SUCCESS/ in this case.
64 The administrator can override the default nologin file with the
65 <tt/file=/<em/pathname/ module argument.
67 <tag><bf>Examples/suggested usage:</bf></tag>
69 In order to make this module effective, all login methods should be
70 secured by it. It should be used as a <tt>required</tt> method listed
71 before any <tt>sufficient</tt> methods in order to get standard Unix
72 nologin semantics. Note, the use of <tt/successok/ module argument
73 causes the module to return <tt/PAM_SUCCESS/ and as such would break
74 such a configuration - failing <tt/sufficient/ modules would lead to a
75 successful login because the nologin module <em/succeeded/.
80 End of sgml insert for this module.