Administering
PAM_AUTHZ Login Authorization Enhancement
Table: Field Syntax in an Access Rule (Continued)

| <action> | <type> | <object> |
| deny, allow | other | No value is required. |

The following describes the three fields defined in an access rule in detail:

<action>
    This field defines a user’s final access permission if an access rule evaluates to true. Valid entries are allow and deny; both are character strings, and the value is not case sensitive. PAM_AUTHZ does not evaluate an access rule if no option is defined or if the action field contains an invalid string.

    The <action> field must be one of the following values:

    allow
        This option indicates that a user is granted the login authorization.

    deny
        This option indicates that a user’s login authorization is denied.

<type>
    The value in this field represents the type of access rule. It defines what kind of user information PAM_AUTHZ needs to look for. The value also helps to determine the correct syntax in the following <object> field.

    The valid values for this field are unix_user, unix_group, , ldap_group, ldap_filter and other. The following describes these valid values for this field in detail: