pam_sacl.8   [plain text]


.\"
.\" Copyright (c) 2009 Apple Inc. All rights reserved.
.\"
.\" @APPLE_LICENSE_HEADER_START@
.\" 
.\" This file contains Original Code and/or Modifications of Original Code
.\" as defined in and that are subject to the Apple Public Source License
.\" Version 2.0 (the 'License'). You may not use this file except in
.\" compliance with the License. Please obtain a copy of the License at
.\" http://www.opensource.apple.com/apsl/ and read it before using this
.\" file.
.\" 
.\" The Original Code and all software distributed under the License are
.\" distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
.\" EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
.\" INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
.\" FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
.\" Please see the License for the specific language governing rights and
.\" limitations under the License.
.\" 
.\" @APPLE_LICENSE_HEADER_END@
.\"
.Dd February 7, 2009
.Dt pam_sacl 8
.Os
.Sh NAME
.Nm pam_sacl
.Nd Service Access Control List PAM module
.Sh SYNOPSIS
.Op Ar service-name
.Ar function-class
.Ar control-flag
pam_sacl
.Op Ar options
.Sh DESCRIPTION
The Service Access Control List PAM module supports the account management function class.  In terms of the
.Ar function-class
parameter, this is the
.Dq Li account
class.
.Pp
The Service Access Control List account management module verifies that the authenticated user is permitted access by checking the username against the the SACL of the service named by the
.Cm sacl_service
option.
.Pp
The following option must be passed to this account module:
.Bl -tag
.It Cm sacl_service=SERVICE
This option names the SACL that the username should be checked against.  SERVICE should be the literal name of the service
.Pq eg. Dq sacl_service=smb .
.El
.Pp
The following options may be passed to the account module:
.Bl -tag
.It Cm allow_trustacct
Always allow access to computer trust accounts.
.It Cm debug
Debug information will be printed to the system log.
.El
.Sh SEE ALSO
.Xr pam.conf 5 ,
.Xr pam 8