Diffstat (limited to 'Linux-PAM/doc/modules/pam_wheel.sgml')
-rw-r--r-- | Linux-PAM/doc/modules/pam_wheel.sgml | 22 |
1 files changed, 14 insertions, 8 deletions
diff --git a/Linux-PAM/doc/modules/pam_wheel.sgml b/Linux-PAM/doc/modules/pam_wheel.sgml index cc064120..e4dc501a 100644 --- a/Linux-PAM/doc/modules/pam_wheel.sgml +++ b/Linux-PAM/doc/modules/pam_wheel.sgml @@ -1,5 +1,5 @@ <!-- - $Id: pam_wheel.sgml,v 1.1.1.2 2002/09/15 20:08:33 hartmans Exp $ + $Id: pam_wheel.sgml,v 1.3 2002/07/13 05:48:19 agmorgan Exp $ This file was written by Andrew G. Morgan <morgan@kernel.org> from notes provided by Cristian Gafton. @@ -22,7 +22,7 @@ Cristian Gafton <gafton@redhat.com> Author. <tag><bf>Management groups provided:</bf></tag> -authentication +authentication; account <tag><bf>Cryptographically sensitive:</bf></tag> @@ -31,7 +31,6 @@ authentication <tag><bf>Clean code base:</bf></tag> <tag><bf>System dependencies:</bf></tag> -Requires libpwdb. <tag><bf>Network aware:</bf></tag> @@ -42,7 +41,7 @@ Requires libpwdb. <p> Only permit root access to members of the wheel (<tt/gid=0/) group. -<sect2>Authentication component +<sect2>Authentication and Account components <p> <descrip> @@ -56,13 +55,17 @@ Only permit root access to members of the wheel (<tt/gid=0/) group. <tag><bf>Description:</bf></tag> -This module is used to enforce the so-called <em/wheel/ group. By +This module is used to enforce the so-called <em/wheel/ group. By default, it permits root access to the system if the applicant user is a member of the <tt/wheel/ group (first, the module checks for the existence of a '<tt/wheel/' group. Otherwise the module defines the group with group-id <tt/0/ to be the <em/wheel/ group). <p> +The module can be used as either an '<tt/auth/' or an '<tt/account/' +module. + +<p> The action of the module may be modified from this default by one or more of the following flags in the <tt>/etc/pam.conf</tt> file. <itemize> 
@@ -88,10 +91,13 @@ password. <bf/USE WITH CARE/. <item> <tt/deny/ - -This is used to reverse the logic of the module's behavior. -If the user is trying to get <tt/uid=0/ access and is a member of the wheel +This is used to reverse the logic of the module's behavior. If the +user is trying to get <tt/uid=0/ access and is a member of the wheel group, deny access (for the wheel group, this is perhaps nonsense!): it is intended for use in conjunction with the <tt/group=/ argument... +Conversely, if the user is not in the group, return <tt/PAM_IGNORE/ +(unless <tt/trust/ was also specified, in which case we return +<tt/PAM_SUCCESS/). <item> <tt/group=XXXX/ - @@ -114,7 +120,7 @@ file: # su auth sufficient pam_rootok.so su auth required pam_wheel.so -su auth required pam_unix_auth.so +su auth required pam_unix.so </verb> </tscreen> |
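Review bot: The `$Id` line in the first hunk (@@ -1,5 +1,5 @@) changes only because of RCS keyword expansion: it goes from revision 1.1.1.2 dated 2002/09/15 to revision 1.3 dated 2002/07/13, with no change to the document itself. Consider importing with keyword expansion disabled so this line stops producing a diff and a potential conflict on every merge.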
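Review bot: In the description hunk (@@ -56,13 +55,17 @@), the new sentence "The module can be used as either an 'auth' or an 'account' module" does not say whether the group check and its return codes are identical in both stacks, and the sample configuration in the last hunk still shows only `su auth` lines. Suggest stating explicitly that the behaviour is the same (or how it differs) and adding an account-type line to the example so the new "authentication; account" entry under "Management groups provided" is actually illustrated.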
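Review bot: In the `deny` hunk (@@ -88,10 +91,13 @@), the added text says that with `trust` also specified a user who is not in the group gets `PAM_SUCCESS`, but it does not spell out the consequence: combined with `deny`, every user outside the group is treated as trusted. That deserves the same "USE WITH CARE" emphasis the preceding item carries. It would also help to add one sentence on what `PAM_IGNORE` means for the stack result, since the reader has to know that the outcome then depends entirely on the other modules listed for the service.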