1pam_deny(5)           Standards, Environments, and Macros          pam_deny(5)
2
3
4

NAME

6       pam_deny - PAM authentication, account, session and password management
7       PAM module to deny operations
8

SYNOPSIS

10       pam_deny.so.1
11
12

DESCRIPTION

14       The pam_deny module implements all the PAM service module functions and
15       returns the module type default failure return code for all calls.
16
17
18       The following options are interpreted:
19
20       debug    syslog(3C)  debugging  information  at  the LOG_AUTH|LOG_DEBUG
21                levels
22
23

ERRORS

25       The following error codes are returned:
26
27       PAM_ACCT_EXPIRED    If pam_sm_acct_mgmt is called.
28
29
30       PAM_AUTH_ERR        If pam_sm_authenticate is called.
31
32
33       PAM_AUTHOK_ERR      If pam_sm_chauthtok is called.
34
35
36       PAM_CRED_ERR        If pam_sm_setcred is called.
37
38
39       PAM_SESSION_ERR     If pam_sm_open_session or  pam_sm_close_session  is
40                           called.
41
42

EXAMPLES

44       Example 1 Disallowing ssh none authentication
45
46          sshd-none      auth       requisite   pam_deny.so.1
47          sshd-none      account    requisite   pam_deny.so.1
48          sshd-none      session    requisite   pam_deny.so.1
49          sshd-none      password   requisite   pam_deny.so.1
50
51
52
53       Example 2 Disallowing any service not explicitly defined
54
55          other          auth       requisite   pam_deny.so.1
56          other          account    requisite   pam_deny.so.1
57          other          session    requisite   pam_deny.so.1
58          other          password   requisite   pam_deny.so.1
59
60
61

ATTRIBUTES

63       See attributes(5) for a description of the following attributes:
64
65
66
67
68       ┌─────────────────────────────┬─────────────────────────────┐
69       │      ATTRIBUTE TYPE         │      ATTRIBUTE VALUE        │
70       ├─────────────────────────────┼─────────────────────────────┤
71       │Interface Stability          │Evolving                     │
72       ├─────────────────────────────┼─────────────────────────────┤
73       │MT Level                     │MT-Safe with exceptions      │
74       └─────────────────────────────┴─────────────────────────────┘
75

SEE ALSO

77       su(1M), libpam(3LIB), pam(3PAM), pam_sm_authenticate(3PAM), syslog(3C),
78       pam.conf(4),  nsswitch.conf(4),  attributes(5),   pam_authtok_check(5),
79       pam_authtok_get(5),         pam_authtok_store(5),        pam_dhkeys(5),
80       pam_passwd_auth(5),       pam_unix_account(5),        pam_unix_auth(5),
81       pam_unix_session(5), privileges(5)
82

NOTES

84       The  interfaces  in libpam(3LIB) are MT-Safe only if each thread within
85       the multi-threaded application uses its own PAM handle.
86
87
88       The pam_deny module is intended to deny access to a specified  service.
89       The  other  service  name  may  be  used to deny access to services not
90       explicitly specified.
91
92
93
94SunOS 5.11                        16 Jun 2005                      pam_deny(5)