Last updated: 2024-01-03
pam_succeed_if - test account characteristics
log:
Jan 2 18:54:36 sshgw sshd[16739]: pam_succeed_if(sshd:auth): requirement "user notingroup root" was met by user "ansible"
module arguments:
quiet - Don't log failure or success to the system log.
fields - user, uid, gid, shell, home and service; a condition is written as "field op value" {op: =, >, <, !=}
e.g.
user ingroup group - User is in the given group.
user notingroup group - User is not in the given group.
Return Values
PAM_SUCCESS - The condition was true.
PAM_AUTH_ERR - The condition was false.
PAM_SERVICE_ERR - A service error occurred.
Stupid Tricks with PAM - [default=1 success=ignore]
control flag:
[value1=action1 value2=action2 ...]
default=N (an integer) - for any return value not listed, jump over the next N modules in the stack
success=action - the action taken when the module returns success
action:
ignore The module's return status will not influence the final result unless there are no other modules in the stack.
bad The module's return status should indicate a module failure.
If it is the first failure, this return status will be used for the entire stack.
die Idem, except that the stack also terminates and control is immediately returned to the application.
ok The return code will override a previous success state of the stack, but not a previous failure state.
done Idem, except that the stack also terminates and control is immediately returned to the application.
reset Clear the stack's memory and start again with the next stacked module.
e.g.
# google_authenticator needed only for a certain group:
# root does not need google_authenticator
auth [default=1 success=ignore] pam_succeed_if.so quiet user notingroup <group>
auth required pam_google_authenticator.so
log:
Since datahunter is not in the root group, his login goes through google_authenticator:
Oct 18 22:16:03 sshgw sshd[28835]: pam_succeed_if(sshd:auth): requirement "user notingroup root" was met by user "datahunter"
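To make the control-flag semantics concrete, here is an added example (not part of the original note and not Linux-PAM code) that models a PAM auth stack evaluator and runs the [default=1 success=ignore] idiom from above through it. The module table, the group memberships (root, ansible, datahunter) and the OTP/password outcomes are constructed sample data; the action rules follow the pam.conf(5) descriptions listed above (ok/bad/die/done/ignore/reset and integer jumps), simplified and not a copy of libpam's dispatcher.

```python
"""Model of PAM stack evaluation for the [default=1 success=ignore] idiom.

Added example: shows why a member of group "root" skips pam_google_authenticator
while "datahunter" and "ansible" (not in root) must pass it. All data below is
constructed; the evaluator implements the documented action semantics only.
"""

PAM_SUCCESS = "PAM_SUCCESS"
PAM_AUTH_ERR = "PAM_AUTH_ERR"
PAM_PERM_DENIED = "PAM_PERM_DENIED"

# Classic keywords written as [value=action ...] tables, as pam.conf(5) defines them.
REQUIRED = {"success": "ok", "default": "bad"}
REQUISITE = {"success": "ok", "default": "die"}
SUFFICIENT = {"success": "done", "default": "ignore"}

# Constructed group membership (user -> supplementary groups).
GROUPS = {"root": ("root",), "ansible": ("wheel",), "datahunter": ("users",)}


def succeed_if_notingroup(group, groups_of_user):
    """Model of pam_succeed_if 'user notingroup <group>': condition true -> PAM_SUCCESS."""
    def module(user):
        return PAM_SUCCESS if group not in groups_of_user.get(user, ()) else PAM_AUTH_ERR
    return module


def run_stack(stack, user):
    """Evaluate a list of (name, control_table, module) for `user`.

    Returns (final_status, names_of_modules_actually_executed).
    impression: None = undefined, True = a success is recorded, False = a failure is fixed.
    """
    impression, status = None, PAM_PERM_DENIED
    executed = []
    i = 0
    while i < len(stack):
        name, control, module = stack[i]
        retval = module(user)
        executed.append(name)
        key = "success" if retval == PAM_SUCCESS else retval
        action = control.get(key, control["default"])
        i += 1
        if action == "ignore":
            if len(stack) == 1:          # only counts when it is the sole module
                status = retval
        elif action in ("bad", "die"):
            if impression is not False:  # first failure fixes the stack's result
                impression, status = False, retval
            if action == "die":
                break
        elif action == "reset":
            impression, status = None, PAM_PERM_DENIED
        else:
            # ok, done and integer jumps: override a success state, never a failure state
            if impression is None or (impression and status == PAM_SUCCESS):
                if impression is None and retval == PAM_SUCCESS:
                    impression = True
                status = retval
            if action == "done" and impression is True:
                break
            if isinstance(action, int):
                i += action              # jump over the next N modules
    if status == PAM_SUCCESS and impression is not True:
        status = PAM_PERM_DENIED         # nothing positive ever happened
    return status, executed


def auth_stack(otp_result):
    """The sshd auth stack from the note; pam_unix assumed to succeed (password correct)."""
    return [
        ("pam_succeed_if", {"success": "ignore", "default": 1},
         succeed_if_notingroup("root", GROUPS)),
        ("pam_google_authenticator", REQUIRED, lambda user: otp_result),
        ("pam_unix", REQUIRED, lambda user: PAM_SUCCESS),
    ]


def authenticate(user, otp_result=PAM_SUCCESS):
    """Run the example stack for `user`; returns (final_status, modules_executed)."""
    return run_stack(auth_stack(otp_result), user)


if __name__ == "__main__":
    for user in ("root", "ansible", "datahunter"):
        print(user, authenticate(user))
    print("datahunter with bad OTP", authenticate("datahunter", PAM_AUTH_ERR))
```

The trace shows the point of the idiom: for root, pam_succeed_if returns PAM_AUTH_ERR, the default=1 action jumps over pam_google_authenticator, and pam_unix alone decides; for datahunter and ansible, the condition is met, success=ignore leaves the stack untouched, and the required OTP module runs and can fail the login on its own.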