pam_localuser - require users to be listed in /etc/passwd
pam_localuser.so [debug] [file=/path/passwd]
pam_localuser is a PAM module to help implementing site-wide login policies, where they typically include a subset of the networks users and a few accounts that are local to a particular workstation. Using pam_localuser and pam_wheel or pam_listfile is an effective way to restrict access to either local users and/or a subset of the networks users.
This could also be implemented using pam_listfile.so and a very short awk script invoked by cron, but its common enough to have been separated out.
debugPrint debug information.
file=/path/passwdUse a file other than /etc/passwd.
All module types (account, auth, password and session) are provided.
PAM_SUCCESSThe new localuser was set successfully.
PAM_SERVICE_ERRNo username was given.
PAM_USER_UNKNOWNUser not known.
Add the following line to /etc/pam.d/su to allow only local users in group wheel to use su.
account sufficient pam_localuser.so account required pam_wheel.so
/etc/passwdLocal user account information.
pam.conf(5), pam.d(5), pam(7)
pam_localuser was written by Nalin Dahyabhai <email@example.com>.
|Linux-PAM Manual||PAM_LOCALUSER (8)||06/04/2011|