aboutsummaryrefslogtreecommitdiff
path: root/doc/pam-modules.texi
diff options
context:
space:
mode:
Diffstat (limited to 'doc/pam-modules.texi')
-rw-r--r--doc/pam-modules.texi46
1 files changed, 46 insertions, 0 deletions
diff --git a/doc/pam-modules.texi b/doc/pam-modules.texi
index 28043f4..a0578da 100644
--- a/doc/pam-modules.texi
+++ b/doc/pam-modules.texi
@@ -34,6 +34,7 @@
* pam_ldaphome (pam-modules)ldaphome Maintain home directories and
SSH keys od LDAP users.
* pam_umotd (pam-modules)umotd Display a user-specific MOTD.
+* pam_groupmember (pam_modules)groupmember Test group membership.
* pamck: (pam-modules)pamck. Verify PAM Access.
@end direntry
@end ifinfo
@@ -85,6 +86,7 @@ Individual modules
* sql:: Modules for SQL authentication and session management.
* ldaphome:: Maintain home directories and SSH keys of LDAP users.
* umotd:: Display a user-specific MOTD.
+* groupmember:: Test group membership.
* Reporting Bugs:: How to Report a Bug.
@@ -1453,6 +1455,50 @@ Exit immediately if the 5-minute load average is greater than or equal
to @var{d} (a floating-point number).
@end table
+@node groupmember
+@chapter pam_groupmember
+@set MODULE pam_umotd
+@cindex groupmember
+@cindex group membership
+@cindex test group membership
+
+The @command{pam_groupmember} module checks whether the user is member
+of one or more groups. Both primary and supplementary groups are
+checked. The list of groups to be checked is given with the
+@option{groups} option. Its argument is a comma-separated list of
+group names of numeric IDs, prefixed with @samp{+} sign.
+
+The module returns PAM_SUCCESS if the user is member of one of the
+supplied groups and PAM_AUTH_ERR on otherwise. The return value can
+be inverted using the @option{sense=deny} option.
+
+Additionally, the module can return PAM_USER_UNKNOWN if the user is
+not known and PAM_AUTHINFO_UNAVAIL if unable to retrieve the user
+name.
+
+The @command{pam_groupmember} module can be used in any PAM service stack.
+
+@menu
+* summary of pam_groupmember options::
+@end menu
+
+@node summary of pam_groupmember options
+@section Summary of @command{pam_groupmember} options
+
+@table @option
+@opsummary{groups}
+@item groups=@var{group-list}
+Defines groups to check against. The argument is a comma-separated
+list of group names or IDs. Group IDs must be prefixed with a plus
+sign.
+
+@opsummary{sense}
+@item sense=@{allow|deny@}
+ What to do on success. The value @samp{allow} means to return
+@code{PAM_SUCCESS}, @samp{deny} means to return @code{PAM_AUTH_ERR}.
+Default is @samp{allow}.
+@end table
+
@node Reporting Bugs
@chapter How to Report a Bug

Return to:

Send suggestions and report system problems to the System administrator.

Generated by cgit.