1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
|
<refentry xmlns="http://docbook.org/ns/docbook" version="5.0" xml:id="pam_shells">
<refmeta>
<refentrytitle>pam_shells</refentrytitle>
<manvolnum>8</manvolnum>
<refmiscinfo class="source">Linux-PAM</refmiscinfo>
<refmiscinfo class="manual">Linux-PAM Manual</refmiscinfo>
</refmeta>
<refnamediv xml:id="pam_shells-name">
<refname>pam_shells</refname>
<refpurpose>PAM module to check for valid login shell</refpurpose>
</refnamediv>
<refsynopsisdiv>
<cmdsynopsis xml:id="pam_shells-cmdsynopsis" sepchar=" ">
<command>pam_shells.so</command>
</cmdsynopsis>
</refsynopsisdiv>
<refsect1 xml:id="pam_shells-description">
<title>DESCRIPTION</title>
<para>
pam_shells is a PAM module that only allows access to the
system if the user's shell is listed in <filename>/etc/shells</filename>.
</para>
<para condition="with_vendordir_and_with_econf">
If this file does not exist, entries are taken from files
<filename>%vendordir%/shells</filename>,
<filename>%vendordir%/shells.d/*</filename> and
<filename>/etc/shells.d/*</filename> in that order.
</para>
<para>
It also checks if needed files (e.g. <filename>/etc/shells</filename>) are plain
files and not world writable.
</para>
</refsect1>
<refsect1 xml:id="pam_shells-options">
<title>OPTIONS</title>
<para> This module does not recognise any options.</para>
</refsect1>
<refsect1 xml:id="pam_shells-types">
<title>MODULE TYPES PROVIDED</title>
<para>
The <option>auth</option> and <option>account</option>
module types are provided.
</para>
</refsect1>
<refsect1 xml:id="pam_shells-return_values">
<title>RETURN VALUES</title>
<variablelist>
<varlistentry>
<term>PAM_AUTH_ERR</term>
<listitem>
<para>
Access to the system was denied.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>PAM_SUCCESS</term>
<listitem>
<para>
The user's login shell was listed as valid shell in
<filename>/etc/shells</filename>.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>PAM_USER_UNKNOWN</term>
<listitem>
<para>
The user does not exist or the user's login shell could not be determined.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>PAM_SERVICE_ERR</term>
<listitem>
<para>
The module was not able to get the name of the user.
</para>
</listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1 xml:id="pam_shells-examples">
<title>EXAMPLES</title>
<para>
<programlisting>
auth required pam_shells.so
</programlisting>
</para>
</refsect1>
<refsect1 xml:id="pam_shells-see_also">
<title>SEE ALSO</title>
<para>
<citerefentry>
<refentrytitle>shells</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>pam.conf</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>pam</refentrytitle><manvolnum>7</manvolnum>
</citerefentry>
</para>
</refsect1>
<refsect1 xml:id="pam_shells-author">
<title>AUTHOR</title>
<para>
pam_shells was written by Erik Troan <ewt@redhat.com>.
</para>
</refsect1>
</refentry>
|
