PAM_DENY(7) Standards, Environments, and Macros PAM_DENY(7)

NAME


pam_deny - PAM authentication, account, session and password management
PAM module to deny operations

SYNOPSIS


pam_deny.so.1


DESCRIPTION


The pam_deny module implements all the PAM service module functions and
returns the module type default failure return code for all calls.


The following options are interpreted:

debug
syslog(3C) debugging information at the LOG_AUTH|LOG_DEBUG
levels


ERRORS


The following error codes are returned:

PAM_ACCT_EXPIRED
If pam_sm_acct_mgmt is called.


PAM_AUTH_ERR
If pam_sm_authenticate is called.


PAM_AUTHTOK_ERR
If pam_sm_chauthtok is called.


PAM_CRED_ERR
If pam_sm_setcred is called.


PAM_SESSION_ERR
If pam_sm_open_session or pam_sm_close_session is
called.


EXAMPLES


Example 1: Disallowing ssh none authentication



sshd-none auth requisite pam_deny.so.1
sshd-none account requisite pam_deny.so.1
sshd-none session requisite pam_deny.so.1
sshd-none password requisite pam_deny.so.1


Example 2: Disallowing any service not explicitly defined



other auth requisite pam_deny.so.1
other account requisite pam_deny.so.1
other session requisite pam_deny.so.1
other password requisite pam_deny.so.1


ATTRIBUTES


See attributes(7) for a description of the following attributes:


+--------------------+-------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+--------------------+-------------------------+
|Interface Stability | Evolving |
+--------------------+-------------------------+
|MT Level | MT-Safe with exceptions |
+--------------------+-------------------------+

SEE ALSO


syslog(3C), libpam(3LIB), pam(3PAM), pam_sm_authenticate(3PAM),
nsswitch.conf(5), pam.conf(5), attributes(7), pam_authtok_check(7),
pam_authtok_get(7), pam_authtok_store(7), pam_dhkeys(7),
pam_passwd_auth(7), pam_unix_account(7), pam_unix_auth(7),
pam_unix_session(7), privileges(7), su(8)

NOTES


The interfaces in libpam(3LIB) are MT-Safe only if each thread within the
multi-threaded application uses its own PAM handle.


The pam_deny module is intended to deny access to a specified service.
The other service name may be used to deny access to services not
explicitly specified.

illumos August 19, 2023 PAM_DENY(7)