Administering
PAM_AUTHZ Login Authorization Enhancement
Constructing an Access Rule in pam_authz.policy
In the policy file, /etc/opt/ldapux/pam_authz.policy, an access rule consists of three fields as follows:
<action>:<type>:<rule>
All fields are mandatory. If any field is missing or contains the incorrect syntax, the access rule is considered to be invalid and is ignored by PAM_AUTHZ.
These fields have the following limitations:
• No leading or trailing empty space is allowed in a field
• Fields are separated by the separator character “:”
• No leading or trailing empty space is allowed around a separator
• An access rule is terminated by a carriage return
Fields in an Access Rule

Table: Field Syntax in an Access Rule

| <action> | <type> | <object> (the <rule> field) |
| --- | --- | --- |
| deny, allow | unix_user | A list of user names: a character string in which the names are separated by the separator “,” (ASCII 2C HEX). Example: user1, user2, user3 |
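The syntax limits above, applied to a constructed policy body. This is an added example written for this page, not HP's PAM_AUTHZ code; it assumes only the allow/deny actions and the unix_user type covered in this section, and tolerates the space after each comma that the documented example shows.

```python
# Added example (not HP's code): validate pam_authz.policy access rules.
from dataclasses import dataclass
from typing import List, Optional, Tuple

ACTIONS = {"allow", "deny"}
TYPES = {"unix_user"}  # the only <type> covered in this section

@dataclass
class AccessRule:
    action: str
    rule_type: str
    names: List[str]  # user names from the <rule> field

def parse_rule(line: str) -> Optional[AccessRule]:
    """One policy line -> AccessRule, or None where PAM_AUTHZ would ignore it:
    not exactly three ':' fields, an empty field, or leading/trailing
    whitespace in a field (which also catches spaces around a separator)."""
    fields = line.rstrip("\r\n").split(":")
    if len(fields) != 3 or any(f == "" or f != f.strip() for f in fields):
        return None
    action, rule_type, obj = fields
    if action not in ACTIONS or rule_type not in TYPES:
        return None
    # <rule> for unix_user is a list of names separated by "," (ASCII 0x2C).
    # The documented example "user1, user2, user3" has a space after each
    # comma, so whitespace beside a comma is tolerated; empty names are not.
    names = [n.strip() for n in obj.split(",")]
    if any(n == "" for n in names):
        return None
    return AccessRule(action, rule_type, names)

def parse_policy(text: str) -> Tuple[List[AccessRule], List[int]]:
    """Parse a policy body; returns (valid rules, 1-based ignored line numbers)."""
    rules, ignored = [], []
    for lineno, line in enumerate(text.splitlines(), start=1):
        parsed = parse_rule(line)
        if parsed is None:
            ignored.append(lineno)  # invalid rule: PAM_AUTHZ ignores it
        else:
            rules.append(parsed)
    return rules, ignored

# Constructed sample policy: two valid rules and three that break a limit.
SAMPLE_POLICY = (
    "allow:unix_user:user1, user2, user3\n"
    "deny:unix_user:guest\n"
    "allow : unix_user : user4\n"  # spaces around the separators
    "deny:unix_user\n"             # missing <rule> field
    "permit:unix_user:user5\n"     # unknown <action>
)
```

Running parse_policy on SAMPLE_POLICY keeps the first two lines and reports lines 3, 4 and 5 as ignored, which is the behaviour to expect when auditing a policy file for silently dropped rules.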
112 | Chapter 4 |