1
1
.\" Title: pam_succeed_if
3
.\" Generator: DocBook XSL Stylesheets v1.73.1 <http://docbook.sf.net/>
2
.\" Author: [see the "AUTHOR" section]
3
.\" Generator: DocBook XSL Stylesheets v1.74.0 <http://docbook.sf.net/>
5
5
.\" Manual: Linux-PAM
6
6
.\" Source: Linux-PAM
8
.TH "PAM_SUCCEED_IF" "8" "04/16/2008" "Linux-PAM" "Linux\-PAM"
9
.TH "PAM_SUCCEED_IF" "8" "06/16/2009" "Linux-PAM" "Linux\-PAM"
10
.\" -----------------------------------------------------------------
11
.\" * (re)Define some macros
12
.\" -----------------------------------------------------------------
13
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
14
.\" toupper - uppercase a string (locale-aware)
15
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
17
.tr aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ
19
.tr aabbccddeeffgghhiijjkkllmmnnooppqqrrssttuuvvwwxxyyzz
21
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
22
.\" SH-xref - format a cross-reference to an SH section
23
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
32
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
33
.\" SH - level-one heading that works better for non-TTY output
34
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
36
.\" put an extra blank line of space above the head in non-TTY output
43
.nr an-prevailing-indent \\n[IN]
47
.HTML-TAG ".NH \\n[an-level]"
49
.nr an-no-space-flag 1
51
\." make the size of the head bigger
56
.\" if n (TTY output), use uppercase
61
.\" if not n (not TTY), use normal case (not uppercase)
65
.\" if not n (not TTY), put a border/line under subheading
70
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
71
.\" SS - level-two heading that works better for non-TTY output
72
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
77
.nr an-prevailing-indent \\n[IN]
82
.nr an-no-space-flag 1
85
\." make the size of the head bigger
91
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
92
.\" BB/BE - put background/screen (filled box) around block of text
93
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
106
.if "\\$2"adjust-for-leading-newline" \{\
114
.nr BW \\n(.lu-\\n(.i
117
.ie "\\$2"adjust-for-leading-newline" \{\
118
\M[\\$1]\h'1n'\v'+.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
121
\M[\\$1]\h'1n'\v'-.5v'\D'P \\n(BWu 0 0 \\n(BHu -\\n(BWu 0 0 -\\n(BHu'\M[]
132
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
133
.\" BM/EM - put colored marker in margin next to block of text
134
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
151
\M[\\$1]\D'P -.75n 0 0 \\n(BHu -(\\n[.i]u - \\n(INu - .75n) 0 0 -\\n(BHu'\M[]
159
.\" -----------------------------------------------------------------
160
.\" * set default formatting
161
.\" -----------------------------------------------------------------
9
162
.\" disable hyphenation
11
164
.\" disable justification (adjust text to left margin only)
14
pam_succeed_if - test account characteristics
17
\fBpam_succeed_if\.so\fR [\fIflag\fR...] [\fIcondition\fR...]
166
.\" -----------------------------------------------------------------
167
.\" * MAIN CONTENT STARTS HERE *
168
.\" -----------------------------------------------------------------
170
pam_succeed_if \- test account characteristics
173
.HP \w'\fBpam_succeed_if\&.so\fR\ 'u
174
\fBpam_succeed_if\&.so\fR [\fIflag\fR...] [\fIcondition\fR...]
20
pam_succeed_if\.so is designed to succeed or fail authentication based on characteristics of the account belonging to the user being authenticated\. One use is to select whether to load other modules based on this test\.
178
pam_succeed_if\&.so is designed to succeed or fail authentication based on characteristics of the account belonging to the user being authenticated\&. One use is to select whether to load other modules based on this test\&.
22
The module should be given one or more conditions as module arguments, and authentication will succeed only if all of the conditions are met\.
180
The module should be given one or more conditions as module arguments, and authentication will succeed only if all of the conditions are met\&.
30
Turns on debugging messages sent to syslog\.
188
Turns on debugging messages sent to syslog\&.
35
Evaluate conditions using the account of the user whose UID the application is running under instead of the user being authenticated\.
193
Evaluate conditions using the account of the user whose UID the application is running under instead of the user being authenticated\&.
40
Don\'t log failure or success to the system log\.
198
Don\'t log failure or success to the system log\&.
45
Don\'t log failure to the system log\.
203
Don\'t log failure to the system log\&.
48
206
\fBquiet_success\fR
50
Don\'t log success to the system log\.
208
Don\'t log success to the system log\&.
54
\fICondition\fRs are three words: a field, a test, and a value to test for\.
212
\fICondition\fRs are three words: a field, a test, and a value to test for\&.
56
214
Available fields are
65
223
\fBfield < number\fR
67
Field has a value numerically less than number\.
225
Field has a value numerically less than number\&.
70
228
\fBfield <= number\fR
72
Field has a value numerically less than or equal to number\.
230
Field has a value numerically less than or equal to number\&.
75
233
\fBfield eq number\fR
77
Field has a value numerically equal to number\.
235
Field has a value numerically equal to number\&.
80
238
\fBfield >= number\fR
82
Field has a value numerically greater than or equal to number\.
240
Field has a value numerically greater than or equal to number\&.
85
243
\fBfield > number\fR
87
Field has a value numerically greater than number\.
245
Field has a value numerically greater than number\&.
90
248
\fBfield ne number\fR
92
Field has a value numerically different from number\.
250
Field has a value numerically different from number\&.
95
253
\fBfield = string\fR
97
Field exactly matches the given string\.
255
Field exactly matches the given string\&.
100
258
\fBfield != string\fR
102
Field does not match the given string\.
260
Field does not match the given string\&.
105
263
\fBfield =~ glob\fR
107
Field matches the given glob\.
265
Field matches the given glob\&.
110
268
\fBfield !~ glob\fR
112
Field does not match the given glob\.
115
\fBfield in item:item:\.\.\.\fR
117
Field is contained in the list of items separated by colons\.
120
\fBfield notin item:item:\.\.\.\fR
122
Field is not contained in the list of items separated by colons\.
270
Field does not match the given glob\&.
273
\fBfield in item:item:\&.\&.\&.\fR
275
Field is contained in the list of items separated by colons\&.
278
\fBfield notin item:item:\&.\&.\&.\fR
280
Field is not contained in the list of items separated by colons\&.
125
283
\fBuser ingroup group\fR
127
User is in given group\.
285
User is in given group\&.
130
288
\fBuser notingroup group\fR
132
User is not in given group\.
290
User is not in given group\&.
135
293
\fBuser innetgr netgroup\fR
137
(user,host) is in given netgroup\.
295
(user,host) is in given netgroup\&.
140
298
\fBuser notinnetgr group\fR
142
(user,host) is not in given netgroup\.
300
(user,host) is not in given netgroup\&.
144
.SH "MODULE SERVICES PROVIDED"
302
.SH "MODULE TYPES PROVIDED"
146
All services are supported\.
304
All module types (\fBaccount\fR,
308
\fBsession\fR) are provided\&.
147
309
.SH "RETURN VALUES"
151
The condition was true\.
313
The condition was true\&.
156
The condition was false\.
318
The condition was false\&.
161
A service error occured or the arguments can\'t be parsed as numbers\.
323
A service error occurred or the arguments can\'t be parsed correctly\&.
165
327
To emulate the behaviour of
166
328
\fIpam_wheel\fR, except there is no fallback to group 0:
170
auth required pam_succeed_if\.so quiet user ingroup wheel
339
.BB lightgray adjust-for-leading-newline
342
auth required pam_succeed_if\&.so quiet user ingroup wheel
344
.EB lightgray adjust-for-leading-newline
175
Given that the type matches, only loads the othermodule rule if the UID is over 500\. Adjust the number after default to skip several rules\.
355
Given that the type matches, only loads the othermodule rule if the UID is over 500\&. Adjust the number after default to skip several rules\&.
179
type [default=1 success=ignore] pam_succeed_if\.so quiet uid > 500
180
type required othermodule\.so arguments\.\.\.
366
.BB lightgray adjust-for-leading-newline
369
type [default=1 success=ignore] pam_succeed_if\&.so quiet uid > 500
370
type required othermodule\&.so arguments\&.\&.\&.
372
.EB lightgray adjust-for-leading-newline