Administering
PAM_AUTHZ Login Authorization Enhancement
Table: Field Syntax in an Access Rule (Continued)

| <action> | <type> | <object> |
|---|---|---|
| deny, allow | unix_group | A list of group names, written as a character string in which the names are separated by the separator “,” (ASCII 2C hex). Example: group1, group2, group3 |
| deny, allow | netgroup | A list of netgroup names, written as a character string in which the names are separated by the separator “,” (ASCII 2C hex). Example: netgroup1, netgroup2, netgroup3 |
| deny, allow | ldap_group | The distinguished name (DN) of an LDAP group with the groupofnames objectclass or the groupofuniquenames objectclass. It is a … required. The syntax of DN is defined in RFC2253. Example: cn=ldapgroup1,cn=groups,dc=mydomain,dc=com |
| deny, allow | ldap_filter | A single search descriptor that specifies one or more (attribute=value) pairs. It is a single value field. Only one search filter is allowed. No separator is required. The syntax of DN is defined in RFC2254. Example: (&(manager=Joeh)(department=sales)) |
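An added example, not part of the original manual or of PAM_AUTHZ itself: a Python check that can be run over the `<action>`, `<type>` and `<object>` fields of a rule before it is deployed, following the syntax in the table above. The function names are hypothetical, the DN and filter tests are simplified well-formedness checks rather than full RFC 2253/2254 parsers, and the rule that a name contains no whitespace is an assumption.

```python
import re

ACTIONS = {"allow", "deny"}
LIST_TYPES = {"unix_group", "netgroup"}  # objects that are comma-separated lists
RDN = re.compile(r"[A-Za-z][A-Za-z0-9.-]*=.+")  # simplified attribute=value test

def split_dn(dn):
    """Split a DN on unescaped commas (RFC 2253 allows '\\,' inside a value)."""
    parts, cur, i = [], "", 0
    while i < len(dn):
        step = 2 if dn[i] == "\\" else 1  # keep an escaped character with its backslash
        if dn[i] == ",":
            parts.append(cur)
            cur = ""
        else:
            cur += dn[i:i + step]
        i += step
    return [p.strip() for p in parts + [cur]]

def single_filter(f):
    """True if f is exactly one parenthesised filter with balanced parentheses."""
    depth = 0
    for i, ch in enumerate(f):
        depth += (ch == "(") - (ch == ")")
        if depth <= 0 and i < len(f) - 1:
            return False  # text outside the first filter, or a second filter
    return f.startswith("(") and depth == 0 and "=" in f

def check_rule(action, rtype, obj):
    """Return a list of problems; an empty list means the fields are well formed."""
    problems, obj = [], obj.strip()
    if action not in ACTIONS:
        problems.append(f"unknown action {action!r}")
    if rtype in LIST_TYPES:
        names = [n.strip() for n in obj.split(",")]
        # Assumption: a name is never empty and never contains whitespace.
        if any(not n or len(n.split()) != 1 for n in names):
            problems.append("empty or malformed name in list")
    elif rtype == "ldap_group":
        if not all(RDN.fullmatch(r) for r in split_dn(obj)):
            problems.append("object is not one well-formed DN")
    elif rtype == "ldap_filter":
        if not single_filter(obj):
            problems.append("object is not one balanced search filter")
    else:
        problems.append(f"type {rtype!r} is outside the part of the table shown here")
    return problems
```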