NAME
pam_group —
Group PAM module
SYNOPSIS
[
service-name]
module-type control-flag
pam_group
[
arguments]
DESCRIPTION
The group service module for PAM accepts or rejects users based on their
membership in a particular file group.
The following options may be passed to the
pam_group module:
-
-
- deny
- Reverse the meaning of the test, i.e., reject the applicant
if and only if he or she is a member of the specified group. This can be
useful to exclude certain groups of users from certain services.
-
-
- fail_safe
- If the specified group does not exist, or has no members,
act as if it does exist and the applicant is a member.
-
-
- group=groupname
- Specify the name of the group to check. The default is
“
wheel
”.
-
-
- root_only
- Skip this module entirely if the target account is not the
superuser account.
-
-
- authenticate
- The user is asked to authenticate using his own
password.
SEE ALSO
pam.conf(5),
pam(8)
AUTHORS
The
pam_group module and this manual page were developed for
the
FreeBSD Project by ThinkSec AS and NAI Labs, the
Security Research Division of Network Associates, Inc. under DARPA/SPAWAR
contract N66001-01-C-8035 (“CBOSS”), as part of the DARPA CHATS
research program.