Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

pam_group(8) [netbsd man page]

PAM_GROUP(8)						    BSD System Manager's Manual 					      PAM_GROUP(8)

NAME
pam_group -- Group PAM module SYNOPSIS
[service-name] module-type control-flag pam_group [arguments] DESCRIPTION
The group service module for PAM accepts or rejects users based on their membership in a particular file group. The following options may be passed to the pam_group module: deny Reverse the meaning of the test, i.e., reject the applicant if and only if he or she is a member of the specified group. This can be useful to exclude certain groups of users from certain services. fail_safe If the specified group does not exist, or has no members, act as if it does exist and the applicant is a member. group=groupname Specify the name of the group to check. The default is ``wheel''. root_only Skip this module entirely if the target account is not the superuser account. authenticate The user is asked to authenticate using his own password. SEE ALSO
pam.conf(5), pam(8) AUTHORS
The pam_group module and this manual page were developed for the FreeBSD Project by ThinkSec AS and NAI Labs, the Security Research Division of Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 (``CBOSS''), as part of the DARPA CHATS research program. BSD
February 1, 2005 BSD

Check Out this Related Man Page

PAM_GROUP(8)							 Linux-PAM Manual						      PAM_GROUP(8)

NAME
pam_group - PAM module for group access SYNOPSIS
pam_group.so DESCRIPTION
The pam_group PAM module does not authenticate the user, but instead it grants group memberships (in the credential setting phase of the authentication module) to the user. Such memberships are based on the service they are applying for. By default rules for group memberships are taken from config file /etc/security/group.conf. This module's usefulness relies on the file-systems accessible to the user. The point being that once granted the membership of a group, the user may attempt to create a setgid binary with a restricted group ownership. Later, when the user is not given membership to this group, they can recover group membership with the precompiled binary. The reason that the file-systems that the user has access to are so significant, is the fact that when a system is mounted nosuid the user is unable to create or execute such a binary file. For this module to provide any level of security, all file-systems that the user has write access to should be mounted nosuid. The pam_group module functions in parallel with the /etc/group file. If the user is granted any groups based on the behavior of this module, they are granted in addition to those entries /etc/group (or equivalent). OPTIONS
This module does not recognise any options. MODULE TYPES PROVIDED
Only the auth module type is provided. RETURN VALUES
PAM_SUCCESS group membership was granted. PAM_ABORT Not all relevant data could be gotten. PAM_BUF_ERR Memory buffer error. PAM_CRED_ERR Group membership was not granted. PAM_IGNORE pam_sm_authenticate was called which does nothing. PAM_USER_UNKNOWN The user is not known to the system. FILES
/etc/security/group.conf Default configuration file SEE ALSO
group.conf(5), pam.d(5), pam(8). AUTHORS
pam_group was written by Andrew G. Morgan <morgan@kernel.org>. Linux-PAM Manual 09/19/2013 PAM_GROUP(8)
Man Page

6 More Discussions You Might Find Interesting

1. Cybersecurity

recieving undeliverable reciepts of spam mails that seem to be coming from my domain

Hi I am getting undeliverable reciepts for what look like spam emails coming from my domain. Here is an example: Your message did not reach some or all of the intended recipients. Subject:Attack your baby, she wants Sent:02/12/2008 01:45 The following recipient(s) cannot be reached:... (4 Replies)
Discussion started by: edzillion
4 Replies

2. Debian

nss_ldap failed to bind to LDAP server

Hi every body! I have an debian lenny server with samba and openldap on it. 1. Problem: i can not login ldap user auth.log: nss_ldap: could not connect to any LDAP server as cn=admin,dc=innsbruck,dc=sti,dc=at - Can't contact LDAP server 2. Problem: auth.log: nss_ldap: failed to bind to... (1 Reply)
Discussion started by: magge
1 Replies

3. Solaris

Solaris 10 openldap authentication with md5 passwords

Hello to everyone, We are trying to enable ldap authentication with pam_ldap and md5 passwords on a Solaris 10 system to an openldap server. If passwords are stored using crypt, everything works correctly. But if the password in openldap is in md5, then authentication fails. We have installed... (0 Replies)
Discussion started by: jfotop
0 Replies

4. Red Hat

LDAP Script

Hello there everyone. I have a question. How can you make querys to LDAP server to get the users that hav access on a names server.I'll explain: I have a lot of servers, and I use LDAP for user authentication. What I want is to make a script that will give me on the server that I want the... (3 Replies)
Discussion started by: theboogymaster
3 Replies

5. Shell Programming and Scripting

LDAP and PAM Configurations for Windows 2008 R2 ADS and Cubox Ubuntu client

Please I am having problem to login using Active Directory Services 2008 R2 accounts on a cubox ubuntu (2.6.32.9-dove-5.4.2 #46). "getent passwd" only shows local users, however I can querry ADS users using ldapsearch command. I have 2 systems, one that does not use gdm can login with all users... (0 Replies)
Discussion started by: powelltallen
0 Replies

6. Cybersecurity

LDAP and PAM Configurations for Windows 2008 R2 ADS and Cubox Ubuntu client

Please I am having problem to login using Windows 2008 R2 Active Directory Services accounts on a cubox ubuntu (2.6.32.9-dove-5.4.2 #46). "getent passwd" only shows local users, however I can querry ADS users using ldapsearch command. I have 2 systems, one that does not use gdm can login with all... (1 Reply)
Discussion started by: powelltallen
1 Replies