pam_authz.5 (2010 09)
pam_authz(5) pam_authz(5)
Type Object
unix_user This field contains a list of usernames. Each value (username) is a
character string that is separated by a comma (,) separator, ASCII 2C HEX.
Multi-valued field.
unix_local_user
No parameters are required in the object field.
unix_group This field contains a list of unix group names. Each value (group name)
is a character string that is separated by a comma (,) separator, ASCII 2C HEX.
Multi-valued field.
netgroup This field contains a list of netgroup names. Each value (group name)
is a character string that is separated by a comma separator (,), ASCII 2C HEX.
Multi-valued field.
passwd_compat No parameters are required in the object field. The list of users and
netgroups that are allowed/denied are defined using the +/- NIS-style
escapes located in the /etc/passwd file.
ldap_group This field contains a distinguished name (DN) of an LDAP group
(non-Posix group) with groupOfNames objectclass or groupOfUniqueNames
objectclass. Syntax of DN is defined in RFC2253. Single-valued field.
No separator is required. Only one distinguished name is allowed.
ldap_filter
In ldap_filter access rules, this field contains a single search filter
that specifies one or more (attribute=value) pairs. Syntax of string
search filter is defined in RFC2254. Single-valued field. No separator is
required. Only one search filter is allowed.
The ldap_filter access rule type can be enhanced with dynamic variables,
which are specified using the $[variable_name] syntax. An ldap_filter
can contain one or more dynamic variables.
PAM_AUTHZ provides the following dynamic variables:
HOSTNAME
Returns the fully qualified host name of the local system from which the
user attempts to log on.
HOSTIP
Returns the IP address of the local system from which the user attempts
to log on.
TERMINAL
Returns the terminal type of the computer from which the user attempts
to log on.
TIMEOFTHEDAY
Returns the current time of the computer system from which the user
attempts to log on. TIMEOFTHEDAY follows the <UTC Time> syntax as
described by RFC4517.
SERVICE
Returns the name of the PAM service from which the user attempts to
access. For example, common PAM service names include ftp, login, telnet.
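The object-field rules in the table and the $[variable_name] expansion for ldap_filter, modeled in Python as an added example (not HP-UX or pam_authz code). The function names are hypothetical, and escaping substituted values under the RFC2254 filter rules is an assumption, since this page does not say how pam_authz treats special characters in a variable's value.

```python
import re

# Object-field shape per access-rule type, as listed in the table above.
MULTI_VALUED = {"unix_user", "unix_group", "netgroup"}
NO_OBJECT = {"unix_local_user", "passwd_compat"}
SINGLE_VALUED = {"ldap_group", "ldap_filter"}
DYNAMIC_VARS = {"HOSTNAME", "HOSTIP", "TERMINAL", "TIMEOFTHEDAY", "SERVICE"}

_VAR = re.compile(r"\$\[([^\]]*)\]")
# Assumption: runtime values are escaped with the RFC2254 \XX hex escapes
# so a value such as "*" or ")" cannot change the filter's structure.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def escape_filter_value(value):
    """Escape one runtime value for use inside a search filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def expand_filter(template, context):
    """Replace each $[NAME] in an ldap_filter object with its escaped value."""
    def substitute(match):
        name = match.group(1)
        if name not in DYNAMIC_VARS:
            raise ValueError(f"unknown dynamic variable: {name!r}")
        return escape_filter_value(context[name])
    return _VAR.sub(substitute, template)


def parse_object(rule_type, obj):
    """Return the object field as a list of values, validated by rule type."""
    obj = obj.strip()
    if rule_type in NO_OBJECT:
        if obj:
            raise ValueError(f"{rule_type} takes no object field")
        return []
    if rule_type in MULTI_VALUED:
        values = [v.strip() for v in obj.split(",")]
        if not all(values):
            raise ValueError(f"empty value in {rule_type} list")
        return values
    if rule_type in SINGLE_VALUED:
        # Never split on commas: a DN such as cn=a,ou=b is one value.
        if not obj:
            raise ValueError(f"{rule_type} requires exactly one value")
        return [obj]
    raise ValueError(f"unknown access rule type: {rule_type!r}")
```
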
4 Hewlett-Packard Company − 4 − HP-UX 11i v3: June 2010 Web Release