LDAP-UX Client Services B.04.00 Administrator's Guide

Administering LDAP-UX Client Services
PAM_AUTHZ Login Authorization Enhancement
Chapter 4
The three fields defined in an access rule are described in detail below:
<action> This field defines a user’s final access permission if an
access rule evaluates to true. Valid entries are
allow and deny; the value is a character string and is
not case sensitive.
PAM_AUTHZ does not evaluate an access rule if no
option is defined or if the action field contains an
invalid string.
The <action> field must be one of the following values:
allow
This option indicates that a user is granted the login
authorization.
deny
This option indicates that a user’s login authorization
is denied.
<type> The value in this field represents the type of access
rule. It defines what kind of user information
PAM_AUTHZ needs to look for. The value also helps to
determine the correct syntax for the <object> field
that follows.
The valid values for this field are unix_user,
unix_group, , ldap_group, ldap_filter and other.
These valid values are described in detail below:
Table 4-1 Field Syntax in an Access Rule (Continued)
<action>       <type>    <object>
deny, allow    other     No value is required.
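Because PAM_AUTHZ does not evaluate a rule whose action is missing or invalid, a mistyped deny rule silently drops out of the policy. The following added example (not from the LDAP-UX guide) lints rule lines for that case; the colon-separated `<action>:<type>:<object>` layout, the `#` comment convention and the sample lines are assumptions.

```python
# Added example: lint PAM_AUTHZ access rules for lines the module would skip.
# Assumed layout (not shown on this page): <action>:<type>:<object>, one per line.

VALID_ACTIONS = {"allow", "deny"}  # compared case-insensitively, per the text
# Types named on this page; the extracted list has one empty slot, so extend
# this set from the full guide before relying on the "unknown type" finding.
PAGE_TYPES = {"unix_user", "unix_group", "ldap_group", "ldap_filter", "other"}


def lint_rule(line):
    """Return a list of findings for one policy line (empty list = clean)."""
    text = line.strip()
    if not text or text.startswith("#"):  # assumption: '#' starts a comment
        return []
    action, _, rest = text.partition(":")
    rtype, _, obj = rest.partition(":")
    action, rtype, obj = action.strip(), rtype.strip(), obj.strip()
    findings = []
    if action.lower() not in VALID_ACTIONS:
        findings.append("action %r is not allow/deny: rule is not evaluated" % action)
    if rtype not in PAGE_TYPES:
        findings.append("type %r is not in the list on this page" % rtype)
    elif rtype != "other" and not obj:
        # assumption: every type except 'other' needs an <object> value
        findings.append("type %r has an empty <object>" % rtype)
    return findings


def lint_policy(text):
    """Map 1-based line numbers to findings for every line that has any."""
    report = {}
    for number, line in enumerate(text.splitlines(), start=1):
        findings = lint_rule(line)
        if findings:
            report[number] = findings
    return report


# Constructed sample policy, not taken from any real system.
SAMPLE = """\
# constructed sample
Allow:unix_user:alice,bob
dney:unix_group:contractors
deny:ldap_group:
deny:other
"""

if __name__ == "__main__":
    for number, findings in lint_policy(SAMPLE).items():
        for finding in findings:
            print("line %d: %s" % (number, finding))
```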