PAM_DENY(7) Standards, Environments, and Macros PAM_DENY(7)
NAME
pam_deny - PAM authentication, account, session and password
management PAM module to deny operations
SYNOPSIS
pam_deny.so.1DESCRIPTION
The
pam_deny module implements all the PAM service module functions
and returns the module type default failure return code for all
calls.
The following options are interpreted:
debug syslog(3C) debugging information at the
LOG_AUTH|
LOG_DEBUG levels
ERRORS
The following error codes are returned:
PAM_ACCT_EXPIRED If
pam_sm_acct_mgmt is called.
PAM_AUTH_ERR If
pam_sm_authenticate is called.
PAM_AUTHTOK_ERR If
pam_sm_chauthtok is called.
PAM_CRED_ERR If
pam_sm_setcred is called.
PAM_SESSION_ERR If
pam_sm_open_session or
pam_sm_close_session is
called.
EXAMPLES
Example 1: Disallowing ssh none authentication
sshd-none auth requisite pam_deny.so.1
sshd-none account requisite pam_deny.so.1
sshd-none session requisite pam_deny.so.1
sshd-none password requisite pam_deny.so.1
Example 2: Disallowing any service not explicitly defined
other auth requisite pam_deny.so.1
other account requisite pam_deny.so.1
other session requisite pam_deny.so.1
other password requisite pam_deny.so.1
ATTRIBUTES
See
attributes(7) for a description of the following attributes:
+--------------------+-------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+--------------------+-------------------------+
|Interface Stability | Evolving |
+--------------------+-------------------------+
|MT Level | MT-Safe with exceptions |
+--------------------+-------------------------+
SEE ALSO
syslog(3C),
libpam(3LIB),
pam(3PAM),
pam_sm_authenticate(3PAM),
nsswitch.conf(5),
pam.conf(5),
attributes(7),
pam_authtok_check(7),
pam_authtok_get(7),
pam_authtok_store(7),
pam_dhkeys(7),
pam_passwd_auth(7),
pam_unix_account(7),
pam_unix_auth(7),
pam_unix_session(7),
privileges(7),
su(8)NOTES
The interfaces in
libpam(3LIB) are MT-Safe only if each thread within
the multi-threaded application uses its own PAM handle.
The
pam_deny module is intended to deny access to a specified
service. The
other service name may be used to deny access to
services not explicitly specified.
August 19, 2023 PAM_DENY(7)
