Administering LDAP-UX Client Services

PAM_AUTHZ Login Authorization Enhancement

Table 4-1 Field Syntax in an Access Rule (Continued)

<action>        <type>    <object>
deny, allow     other     No value is required.

The following describes in detail the three fields defined in an access rule:

<action>

This field defines a user’s final access permission if an access rule is evaluated to be true. Valid entries are allow and deny, where allow and deny are character strings and the value itself is not case sensitive.

PAM_AUTHZ does not evaluate an access rule if no option is defined or if the action field contains an invalid string.

The <action> field must be one of the following values:

allow

This option indicates that a user is granted the login authorization.

deny

This option indicates that a user’s login authorization is denied.
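Because a rule with a missing or invalid action is not evaluated, a mistyped deny rule is silently ignored rather than rejected. The following is an added example, not part of the HP manual, that lints policy text for such rules; the `:` field separator, `#` comment lines, and the sample policy are assumptions.

```python
"""Flag access rules that PAM_AUTHZ would not evaluate because of <action>."""

VALID_ACTIONS = {"allow", "deny"}  # compared case-insensitively, per the text above

# Constructed sample policy (not from the manual). Assumed layout:
# <action>:<type>:<object>, with '#' starting a comment line.
SAMPLE_POLICY = """\
# constructed sample
Deny:unix_user:olduser
dney:unix_group:contractors
:unix_user:guest
ALLOW:other
"""

def lint_policy(text, sep=":"):
    """Return (evaluated, skipped) for the given policy text.

    evaluated: (lineno, action, type, object) tuples, action lower-cased.
    skipped:   (lineno, raw_rule, reason) tuples for rules that would be ignored.
    """
    evaluated, skipped = [], []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # maxsplit=2 keeps any separator characters inside <object> intact.
        fields = [f.strip() for f in line.split(sep, 2)]
        action = fields[0].lower()
        rule_type = fields[1] if len(fields) > 1 else ""
        obj = fields[2] if len(fields) > 2 else ""  # empty for type "other"
        if not action:
            skipped.append((lineno, line, "no action defined"))
        elif action not in VALID_ACTIONS:
            skipped.append((lineno, line, f"invalid action {fields[0]!r}"))
        else:
            evaluated.append((lineno, action, rule_type, obj))
    return evaluated, skipped

if __name__ == "__main__":
    evaluated, skipped = lint_policy(SAMPLE_POLICY)
    for lineno, rule, reason in skipped:
        print(f"line {lineno}: rule not evaluated ({reason}): {rule}")
    print(f"{len(evaluated)} rule(s) would be evaluated")
```

In the sample, the mistyped `dney` rule on line 3 is reported as skipped, so the group it names is not denied by that rule.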

<type>

The value in this field represents the type of access rule. It defines what kind of user information PAM_AUTHZ needs to look for. The value also helps to determine the correct syntax in the following <object> field.

The valid values for this field are unix_user, unix_group, , ldap_group, ldap_filter and other.

The following describes the valid values for this field in detail:
