PAM_SECURETTY(8) BSD System Manager's Manual PAM_SECURETTY(8)NAME
pam_securetty -- SecureTTY PAM module
SYNOPSIS
[service-name] module-type control-flag pam_securetty [options]
DESCRIPTION
The SecureTTY service module for PAM provides functionality for only one PAM category: account management. In terms of the module-type
parameter, this is the ``account'' feature. It also provides null functions for authentication and session management.
SecureTTY Account Management Module
The SecureTTY account management component (pam_sm_acct_mgmt()), returns failure if the user is attempting to authenticate as superuser, and
the process is attached to an insecure TTY. In all other cases, the module returns success.
A TTY is considered secure if it is listed in /etc/ttys and has the TTY_SECURE flag set.
The following options may be passed to the authentication module:
debug syslog(3) debugging information at LOG_DEBUG level.
no_warn suppress warning messages to the user. These messages include reasons why the user's authentication attempt was declined.
SEE ALSO getttynam(3), syslog(3), pam.conf(5), ttys(5), pam(8)BSD July 8, 2001 BSD
Check Out this Related Man Page
PAM_NOLOGIN(8) BSD System Manager's Manual PAM_NOLOGIN(8)NAME
pam_nologin -- NoLogin PAM module
SYNOPSIS
[service-name] module-type control-flag pam_nologin [options]
DESCRIPTION
The NoLogin service module for PAM, pam_nologin provides functionality for only one PAM category: account management. In terms of the
module-type parameter, this is the ``account'' feature.
NoLogin Account Management Module
The NoLogin account management component, pam_sm_acct_mgmt(), verifies whether logins are administratively disabled via nologin(5). It
returns success if the user's login class has an "ignorenologin" capability specified in login.conf(5) or the nologin(5) file does not exist.
If neither condition is met, then the contents of nologin(5) are echoed before failure is returned. The location of nologin(5) is specified
by a "nologin" capability in login.conf(5), which defaults to /var/run/nologin.
The following options may be passed to the module:
debug syslog(3) debugging information at LOG_DEBUG level.
no_warn suppress warning messages to the user. These messages include reasons why the user's login attempt was declined.
SEE ALSO syslog(3), login.conf(5), nologin(5), pam.conf(5), pam(8)BSD June 10, 2007 BSD
I frequently rexec into a remote box to run a job, occaisionally I get the the error message "rexecd: Account Disabled" and in the remote box syslog I see "rexecd: PAM - status 28 PAM error message: account is disabled". After a 1/2 hour or so the problem goes away. Anyone shed any light on... (0 Replies)
My PAM module seems to work right but it fails in authentication. Althought it can't authenticate, the session module works and the software who uses it executes well.
For example, when I login through "gdm" using pam to authenticate against an ldap server
/var/log/auth.log shows
Any... (1 Reply)
Hi all. be gentle, its my first time :-)
I seem to have had this isse dumped on me and could do with help/advice.
We have several Solaris10 servers, authentication is done per server using the usual useradd and the passwd/group/shadow files.
we're now at a point where we need some way of... (4 Replies)
On a redhat linux 4 server, how to find if there is an account lockout duration is set. Is it configured under pam or /etc/shadow? what entries I need to find out? Is it pam_time.so module?
I desperately need an answer because on one of the servers, no one was able to login through any account... (4 Replies)