PAM_SECURETTY(8) BSD System Manager's Manual PAM_SECURETTY(8)NAME
pam_securetty -- SecureTTY PAM module
SYNOPSIS
[service-name] module-type control-flag pam_securetty [options]
DESCRIPTION
The SecureTTY service module for PAM, pam_securetty provides functionality for only one PAM category: account management. In terms of the
module-type parameter, this is the ``account'' feature. It also provides null functions for authentication and session management.
SecureTTY Account Management Module
The SecureTTY account management component (pam_sm_acct_mgmt()), returns failure if the user is attempting to authenticate as superuser, and
the process is attached to an insecure TTY. In all other cases, the module returns success.
A TTY is considered secure if it is listed in /etc/ttys and has the TTY_SECURE flag set.
The following options may be passed to the authentication module:
debug syslog(3) debugging information at LOG_DEBUG level.
no_warn suppress warning messages to the user. These messages include reasons why the user's authentication attempt was declined.
SEE ALSO getttynam(3), syslog(3), pam.conf(5), ttys(5), pam(8)BSD July 8, 2001 BSD
Check Out this Related Man Page
PAM_NOLOGIN(8) BSD System Manager's Manual PAM_NOLOGIN(8)NAME
pam_nologin -- NoLogin PAM module
SYNOPSIS
[service-name] module-type control-flag pam_nologin [options]
DESCRIPTION
The NoLogin authentication service module for PAM provides functionality for only one PAM category: authentication. In terms of the
module-type parameter, this is the ``auth'' feature. It also provides a null function for session management.
NoLogin Authentication Module
The NoLogin authentication component (pam_sm_authenticate()), always returns success for the superuser, and returns success for all other
users if the file /etc/nologin does not exist. If /etc/nologin does exist, then its contents are echoed to non-superusers before failure is
returned. If a "nologin" capability is specified in login.conf(5), then the file thus specified is used instead. This usually defaults to
/etc/nologin.
The following options may be passed to the authentication module:
debug syslog(3) debugging information at LOG_DEBUG level.
no_warn suppress warning messages to the user. These messages include reasons why the user's authentication attempt was declined.
SEE ALSO syslog(3), login.conf(5), pam.conf(5), nologin(8), pam(8)BSD July 8, 2001 BSD
I frequently rexec into a remote box to run a job, occaisionally I get the the error message "rexecd: Account Disabled" and in the remote box syslog I see "rexecd: PAM - status 28 PAM error message: account is disabled". After a 1/2 hour or so the problem goes away. Anyone shed any light on... (0 Replies)
My PAM module seems to work right but it fails in authentication. Althought it can't authenticate, the session module works and the software who uses it executes well.
For example, when I login through "gdm" using pam to authenticate against an ldap server
/var/log/auth.log shows
Any... (1 Reply)
Hi all. be gentle, its my first time :-)
I seem to have had this isse dumped on me and could do with help/advice.
We have several Solaris10 servers, authentication is done per server using the usual useradd and the passwd/group/shadow files.
we're now at a point where we need some way of... (4 Replies)
On a redhat linux 4 server, how to find if there is an account lockout duration is set. Is it configured under pam or /etc/shadow? what entries I need to find out? Is it pam_time.so module?
I desperately need an answer because on one of the servers, no one was able to login through any account... (4 Replies)