NAME
pam_group
- Group PAM module
SYNOPSIS
[service-name]
module-type
control-flag
pam_group
[arguments]
DESCRIPTION
The group service module for PAM accepts or rejects users based on
their membership in a particular file group.
The following options may be passed to the
pam_group
module:
- deny
-
Reverse the meaning of the test, i.e., reject the applicant if and only
if he or she is a member of the specified group.
This can be useful to exclude certain groups of users from certain
services.
- fail_safe
-
If the specified group does not exist, or has no members, act as if
it does exist and the applicant is a member.
- group=groupname
-
Specify the name of the group to check.
The default is
``
wheel
''.
- root_only
-
Skip this module entirely if the target account is not the superuser
account.
- authenticate
-
The user is asked to authenticate using his own password.
SEE ALSO
pam.conf(5),
pam(8)
AUTHORS
The
pam_group
module and this manual page were developed for the
FreeBSD
Project by
ThinkSec AS and NAI Labs, the Security Research Division of Network
Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
(``CBOSS''),
as part of the DARPA CHATS research program.