2 .\" Copyright (c) 2005, Sun Microsystems, Inc. All Rights Reserved
3 .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License.
4 .\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License.
5 .\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
6 .TH PAM_DENY 5 "Jun 16, 2005"
8 pam_deny \- PAM authentication, account, session and password management PAM
9 module to deny operations
19 The \fBpam_deny\fR module implements all the PAM service module functions and
20 returns the module type default failure return code for all calls.
23 The following options are interpreted:
30 \fBsyslog\fR(3C) debugging information at the \fBLOG_AUTH\fR|\fBLOG_DEBUG\fR
37 The following error codes are returned:
41 \fB\fBPAM_ACCT_EXPIRED\fR\fR
44 If \fBpam_sm_acct_mgmt\fR is called.
50 \fB\fBPAM_AUTH_ERR\fR\fR
53 If \fBpam_sm_authenticate\fR is called.
59 \fB\fBPAM_AUTHOK_ERR\fR\fR
62 If \fBpam_sm_chauthtok\fR is called.
68 \fB\fBPAM_CRED_ERR\fR\fR
71 If \fBpam_sm_setcred\fR is called.
77 \fB\fBPAM_SESSION_ERR\fR\fR
80 If \fBpam_sm_open_session\fR or \fBpam_sm_close_session\fR is called.
85 \fBExample 1 \fRDisallowing ssh none authentication
89 sshd-none auth requisite pam_deny.so.1
90 sshd-none account requisite pam_deny.so.1
91 sshd-none session requisite pam_deny.so.1
92 sshd-none password requisite pam_deny.so.1
98 \fBExample 2 \fRDisallowing any service not explicitly defined
102 other auth requisite pam_deny.so.1
103 other account requisite pam_deny.so.1
104 other session requisite pam_deny.so.1
105 other password requisite pam_deny.so.1
113 See \fBattributes\fR(5) for a description of the following attributes:
121 ATTRIBUTE TYPE ATTRIBUTE VALUE
123 Interface Stability Evolving
125 MT Level MT-Safe with exceptions
131 \fBsu\fR(1M), \fBlibpam\fR(3LIB), \fBpam\fR(3PAM),
132 \fBpam_sm_authenticate\fR(3PAM), \fBsyslog\fR(3C), \fBpam.conf\fR(4),
133 \fBnsswitch.conf\fR(4), \fBattributes\fR(5), \fBpam_authtok_check\fR(5),
134 \fBpam_authtok_get\fR(5), \fBpam_authtok_store\fR(5), \fBpam_dhkeys\fR(5),
135 \fBpam_passwd_auth\fR(5), \fBpam_unix_account\fR(5), \fBpam_unix_auth\fR(5),
136 \fBpam_unix_session\fR(5), \fBprivileges\fR(5)
140 The interfaces in \fBlibpam\fR(3LIB) are MT-Safe only if each thread within the
141 multi-threaded application uses its own PAM handle.
144 The \fBpam_deny\fR module is intended to deny access to a specified service.
145 The \fBother\fR service name may be used to deny access to services not
146 explicitly specified.