Service manual

191Appendix J Linux-PAM

Cyclades-TS Installation & Service Manual

pam_wheel - Only permit root authentication to members of wheel group.

Arguments

The arguments are a list of tokens that are passed to the module when it is invoked. They are much like arguments

to a typical Linux shell command. Generally, valid arguments are optional and are specific to any given module.

Invalid arguments are ignored by a module, however, when encountering an invalid argument, the module is

required to write an error to syslog(3).

The following are optional arguments which are likely to be understood by any module. Arguments (including

these) are in general optional.

debug - Use the syslog(3) call to log debugging information to the system log files.

no_warn - Instruct module to not give warning messages to the application.

use_first_pass - The module should not prompt the user for a password. Instead, it should obtain the

previously typed password (from the preceding auth module), and use that. If that doesn’t work, then the

user will not be authenticated. (This option is intended for auth and password modules only).

try_first_pass - The module should attempt authentication with the previously typed password (from the

preceding auth module). If that doesn’t work, then the user is prompted for a password. (This option is

intended for auth modules only).

use_mapped_pass - This argument is not currently supported by any of the modules in the Linux-PAM

distribution because of possible consequences associated with U.S. encryption exporting restrictions.

expose_account - In general the leakage of some information about user accounts is not a secure policy for

modules to adopt. Sometimes information such as user names or home directories, or preferred shell, can