1PAM_SUCCEED_IF(8)                  Linux-PAM                 PAM_SUCCEED_IF(8)
2
3
4

NAME

6       pam_succeed_if - test account characteristics
7

SYNOPSIS

9       pam_succeed_if.so [flag...] [condition...]
10

DESCRIPTION

12       pam_succeed_if.so is designed to succeed or fail authentication based
13       on characteristics of the account belonging to the user being
14       authenticated. One use is to select whether to load other modules based
15       on this test.
16
17       The module should be given one or more conditions as module arguments,
18       and authentication will succeed only if all of the conditions are met.
19

OPTIONS

21       The following flags are supported:
22
23       debug
24           Turns on debugging messages sent to syslog.
25
26       use_uid
27           Evaluate conditions using the account of the user whose UID the
28           application is running under instead of the user being
29           authenticated.
30
31       quiet
32           Don´t log failure or success to the system log.
33
34       quiet_fail
35           Don´t log failure to the system log.
36
37       quiet_success
38           Don´t log success to the system log.
39
40       Conditions are three words: a field, a test, and a value to test for.
41
42       Available fields are user, uid, gid, shell, home and service:
43
44       field < number
45           Field has a value numerically less than number.
46
47       field <= number
48           Field has a value numerically less than or equal to number.
49
50       field eq number
51           Field has a value numerically equal to number.
52
53       field >= number
54           Field has a value numerically greater than or equal to number.
55
56       field > number
57           Field has a value numerically greater than number.
58
59       field ne number
60           Field has a value numerically different from number.
61
62       field = string
63           Field exactly matches the given string.
64
65       field != string
66           Field does not match the given string.
67
68       field =~ glob
69           Field matches the given glob.
70
71       field !~ glob
72           Field does not match the given glob.
73
74       field in item:item:...
75           Field is contained in the list of items separated by colons.
76
77       field notin item:item:...
78           Field is not contained in the list of items separated by colons.
79
80       user ingroup group
81           User is in given group.
82
83       user notingroup group
84           User is not in given group.
85
86       user innetgr netgroup
87           (user,host) is in given netgroup.
88
89       user notinnetgr group
90           (user,host) is not in given netgroup.
91

MODULE TYPES PROVIDED

93       All module types (account, auth, password and session) are provided.
94

RETURN VALUES

96       PAM_SUCCESS
97           The condition was true.
98
99       PAM_AUTH_ERR
100           The condition was false.
101
102       PAM_SERVICE_ERR
103           A service error occurred or the arguments can´t be parsed
104           correctly.
105

EXAMPLES

107       To emulate the behaviour of pam_wheel, except there is no fallback to
108       group 0:
109
110           auth required pam_succeed_if.so quiet user ingroup wheel
111
112
113       Given that the type matches, only loads the othermodule rule if the UID
114       is over 500. Adjust the number after default to skip several rules.
115
116           type [default=1 success=ignore] pam_succeed_if.so quiet uid > 500
117           type required othermodule.so arguments...
118
119

SEE ALSO

121       glob(7), pam(8)
122

AUTHOR

124       Nalin Dahyabhai <nalin@redhat.com>
125
126
127
128Linux-PAM                         06/16/2009                 PAM_SUCCEED_IF(8)
Impressum