PAM_GROUP(8) MidnightBSD System Manager’s Manual PAM_GROUP(8)

NAME

pam_group — Group PAM module

SYNOPSIS

[service-name] module-type control-flag pam_group [arguments]

DESCRIPTION

The group service module for PAM accepts or rejects users based on their membership in a particular file group.

The following options may be passed to the pam_group module:

deny

Reverse the meaning of the test, i.e., reject the applicant if and only if he or she is a member of the specified group. This can be useful to exclude certain groups of users from certain services.

fail_safe

If the specified group does not exist, or has no members, act as if it does exist and the applicant is a member.

group=groupname

Specify the name of the group to check. The default is ‘‘wheel’’.

root_only

Skip this module entirely if the target account is not the superuser account.

SEE ALSO

pam.conf(5), pam(8)

AUTHORS

The pam_group module and this manual page were developed for the FreeBSD Project by ThinkSec AS and NAI Labs, the Security Research Division of Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 (‘‘CBOSS’’), as part of the DARPA CHATS research program.

MidnightBSD 0.3 February 6, 2003 MidnightBSD 0.3