• Home
  • History
  • Annotate
Name Date Size #Lines LOC

..03-May-2022-

debian/H07-Jun-2006-10973

AUTHORSH A D07-Jun-20061,015 3924

COPYINGH A D09-Oct-200417.6 KiB341281

ChangeLogH A D07-Jun-20061,015 3924

INSTALLH A D07-Jun-20064.7 KiB13891

Makefile.amH A D09-Oct-20041 KiB3828

Makefile.inH A D03-May-202210.1 KiB369279

NEWSH A D07-Jun-20064.7 KiB13891

READMEH A D07-Jun-20064.7 KiB13891

aclocal.m4H A D07-Jun-200637 KiB990946

config.guessH A D24-Apr-200542.8 KiB1,4661,268

config.h.inH A D09-Oct-20042 KiB7449

config.subH A D24-Apr-200530.8 KiB1,5701,429

configureH A D07-Jun-2006145.3 KiB4,8804,008

configure.inH A D07-Jun-20061.3 KiB5747

install-shH A D12-Aug-20025.5 KiB252153

missingH A D12-Aug-20026.3 KiB199159

mkinstalldirsH A D12-Aug-2002722 4123

pam_require.cH A D03-May-20227.3 KiB265192

stamp-h.inH A D07-Jun-200610 21

README

1====== pam_require ======
2
3This is a simple PAM account module. It is meant to be used together
4with other modules! It allows you to require a special user or group
5to access a service.
6
7It's available at http://www.splitbrain.org/go/pam_require
8
9===== Installation =====
10
11You need the pam-devel files to compile it. In Debian do:
12
13  # apt-get install libpam0g-dev
14
15Compiling and installing __should__ be straight forward:
16
17  $> ./configure
18  $> make
19  $> su
20  #> make install
21
22
23===== Usage =====
24
25The module is an account module only! It has no usage as auth,
26password or session module!
27
28**Please Note:** The Syntax has changed from Version 0.1
29
30It accepts usernames or groupnames as parameter. Groupnames have to
31be given with a leading @. Just have a look at the examples below:
32
33This requires the user to be in a group called "dialin":
34
35  account    required   pam_unix.so
36  account    required   pam_require.so @dialin
37
38This only allows user "joe" to login:
39
40  account    required   pam_unix.so
41  account    required   pam_require.so joe
42
43Here either "joe" or members of the "dialin" group may login:
44
45  account    required   pam_unix.so
46  account    required   pam_require.so joe @dialin
47
48Since version 0.3 you may let in everybody __except__ the named group
49or user. This example keeps out members of the lusers group:
50
51  account    required   pam_unix.so
52  account    required   pam_require.so !@lusers
53
54Since version 0.4 you can define users and groups with spaces, just use
55colons instead of the spaces. You should always avoid using spaces in
56usernames and groups but sometimes it is necessary (most times some kind of
57interaction with Microsoft products is involved). The example lets in "Joe
58Schmoe" and members of the "Windows Users" group.
59
60  account    required   pam_unix.so
61  account    required   pam_require.so Joe:Schmoe @Windows:Users
62
63Version 0.7 adds the possibility to do case insensitive checks using
64the no_case option. The following matches "Joe" as well as "joe" or "JOe"
65
66  account    required   pam_unix.so
67  account    required   pam_require.so no_case joe
68
69===== Bugs / Known Issues =====
70
71Be careful with the negation (!). All parameters are logically OR'ed together
72so if one statement is true access is granted. A simple example to explain -
73Imagine this line:
74
75  account    required   pam_unix.so
76  account    required   pam_required.so !@lusers !@schmocks
77
78This would let in all users in group schmocks that are not in group lusers.
79To keep out both groups use two lines like this:
80
81  account    required   pam_unix.so
82  account    required   pam_required.so !@lusers
83  account    required   pam_required.so !@schmocks
84
85The module discards all standard parameter which are: debug, no_warn,
86use_first_pass, try_first_pass, use_mapped_pass and expose_account. This means
87two things: First these parameter doesn't change anything in pam_require's
88behavior and second you can't have users with these names.
89
90===== Thanks =====
91
92To Jennifer Vesperman for her very helpful article "Writing PAM Modules"
93at http://linux.oreillynet.com/pub/a/linux/2002/05/02/pam_modules.html
94
95To Jens Chr. Bachem <j.bachem@travco.de> for the negation patch.
96
97To Svein Olav Bjerkeset <svein.bjerkeset@vegvesen.no> for some hints what to
98change for compiling on Solaris.
99
100To Scipio <scipio@freemail.hu> for pointing out some errors in my code.
101
102To Jon Severinsson <jon@severinsson.net> for adding the missing
103primary group membership test
104
105To Alexander E. Patrakov <patrakov@ums.usu.ru> for adding control files
106to build Debian package
107
108To Xim Tur i Massanet <joatumas@yahoo.es> for adding the no_case option and
109a fix to make deny only work
110
111===== Feedback =====
112
113I'm always open to suggestions or hints that help me make my C better.
114I'm completely new to the whole autoconf/automake stuff so any tips on
115this are greatly appreciated.
116
117Just contact me at <andi@splitbrain.org> or visit it's website
118at http://www.splitbrain.org/projects/pam_require
119
120===== License =====
121
122  pam_require - A simple PAM account module
123  Copyright (C) 2003-2006 Andreas Gohr <andi@splitbrain.org>
124
125  This program is free software; you can redistribute it and/or
126  modify it under the terms of the GNU General Public License
127  as published by the Free Software Foundation; either version 2
128  of the License, or (at your option) any later version.
129
130  This program is distributed in the hope that it will be useful,
131  but WITHOUT ANY WARRANTY; without even the implied warranty of
132  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
133  GNU General Public License for more details.
134
135  You should have received a copy of the GNU General Public License
136  along with this program; if not, write to the Free Software
137  Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
138