LDAP-UX Client Services B.04.00 Administrator's Guide
Administering LDAP-UX Client Services
PAM_AUTHZ Login Authorization Enhancement
Chapter 4, page 112
Constructing an Access Rule in pam_authz.policy
In the policy file, /etc/opt/ldapux/pam_authz.policy, an access rule
consists of three fields, as follows:
<action>:<type>:<rule>
All fields are mandatory. If any field is missing or has incorrect
syntax, the access rule is considered invalid and is ignored by
PAM_AUTHZ.
These fields have the following limitations:
• No leading or trailing whitespace is allowed in a field
• Fields are separated by the separator character, : (colon)
• No leading or trailing whitespace is allowed around a separator
• An access rule is terminated by a carriage return
Fields in an Access Rule
Table 4-1 summarizes all possible values and the syntax of the fields
in an access rule:
Table 4-1 Field Syntax in an Access Rule

<action>      <type>       <object>
------------  -----------  ---------------------------------------------------
deny, allow   unix_user    A list of user names. It can be a multi-valued
                           field. Each value is a character string, separated
                           from the next by the separator "," (ASCII 2C HEX).
                           Example: user1, user2, user3
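The following is an added example, not code from the LDAP-UX product or the guide: a small Python validator that applies the stated constraints to a policy file body (three mandatory colon-separated fields, no leading or trailing whitespace in a field or around the separator, one rule per line) and reports which lines PAM_AUTHZ would ignore and why. It recognizes only the actions (deny, allow) and the single type (unix_user) shown in this excerpt; treating any other type as invalid, and skipping blank lines, are assumptions of the example, as is the SAMPLE_POLICY text, which is constructed.

```python
"""Validator for access rules in /etc/opt/ldapux/pam_authz.policy.

Added example (not HP LDAP-UX product code). It applies the constraints the
guide states: one rule per line in the form <action>:<type>:<object>, all
three fields mandatory, no leading or trailing whitespace in a field or
around the ':' separator. Only the actions and the one type shown in this
excerpt are recognized; treating any other type as invalid is an assumption.
"""
from dataclasses import dataclass, field
from typing import List, Tuple

KNOWN_ACTIONS = {"deny", "allow"}
KNOWN_TYPES = {"unix_user"}  # assumption: only the type listed in this excerpt
FIELD_NAMES = ("action", "type", "object")


@dataclass
class AccessRule:
    action: str
    rule_type: str
    values: List[str]  # for unix_user: the user names from the comma-separated list


@dataclass
class PolicyCheck:
    rules: List[AccessRule] = field(default_factory=list)
    # (line number, offending line, reason) for every line PAM_AUTHZ would ignore
    ignored: List[Tuple[int, str, str]] = field(default_factory=list)


def parse_rule(line: str) -> AccessRule:
    """Parse one access rule; raise ValueError with the reason it would be ignored."""
    fields = line.split(":")
    if len(fields) != 3:
        raise ValueError(f"expected 3 ':'-separated fields, found {len(fields)}")
    for name, value in zip(FIELD_NAMES, fields):
        if value == "":
            raise ValueError(f"{name} field is missing")
        if value != value.strip():
            # catches whitespace at the field edges, i.e. around the separator
            raise ValueError(f"{name} field has leading or trailing whitespace")
    action, rule_type, obj = fields
    if action not in KNOWN_ACTIONS:
        raise ValueError(f"unknown action {action!r}")
    if rule_type not in KNOWN_TYPES:
        raise ValueError(f"unknown type {rule_type!r}")
    # unix_user: multi-valued, values separated by ',' (a space after the comma
    # is tolerated, matching the guide's "user1, user2, user3" example)
    values = [v.strip() for v in obj.split(",")]
    if any(v == "" for v in values):
        raise ValueError("empty user name in unix_user list")
    return AccessRule(action, rule_type, values)


def check_policy(text: str) -> PolicyCheck:
    """Validate a whole policy file body; blank lines are skipped (assumption)."""
    result = PolicyCheck()
    for number, line in enumerate(text.splitlines(), start=1):  # CR, CRLF and LF all end a rule
        if line == "":
            continue
        try:
            result.rules.append(parse_rule(line))
        except ValueError as err:
            result.ignored.append((number, line, str(err)))
    return result


# Constructed sample policy: two valid rules followed by three lines that
# violate the stated field limitations.
SAMPLE_POLICY = (
    "allow:unix_user:user1, user2, user3\n"
    "deny:unix_user:guest\n"
    "allow : unix_user : user4\n"   # whitespace around the separator
    "allow:unix_user\n"             # object field missing
    "deny:unix_user:\n"             # object field empty
)

if __name__ == "__main__":
    check = check_policy(SAMPLE_POLICY)
    for rule in check.rules:
        print(f"OK      {rule.action}:{rule.rule_type}:{','.join(rule.values)}")
    for number, line, reason in check.ignored:
        print(f"IGNORED line {number}: {line!r} ({reason})")
```

Running the script against a real policy file (read its contents and pass them to check_policy) lists every rule the module would silently drop, which is the useful check here: an invalid deny rule does not fail closed, it simply disappears.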