Univention Bugzilla – Bug 31361
Developer documentation for PAM, especially /etc/security/access*
Last modified: 2024-04-17 13:16:14 CEST
What for: restrict PAM access to services by users and groups How to config: ucr set auth/$service/restrict=yes \ auth/$service/group/$group=yes auth/$service/user/$user=yes How used: pam_access.so accessfile=/etc/security/access-gdm.conf listsep=, maxent=0x400001 Where: <http://jenkins.knut.univention.de:8080/job/UCS-3.1-2 Handbook Developer/ws/webroot/developer-reference-3.1.html#misc:acl> Link to <http://jenkins.knut.univention.de:8080/job/UCS-3.1-2%20Handbook%20UCS/ws/webroot/manual-3.1-1.html#computers:Limiting_authentication_to_selected_users> Link to "man pam_access access.conf" See Bug #20138 for more background See Bug #31360 for issues univention-pam.cfg:[auth/.*/group/.*] univention-pam.cfg:Description[de]=Erlaubt der Gruppe Zugriff auf den Dienst, z.B. "auth/sshd/group/Domain Admins=yes". univention-pam.cfg:Description[en]=Allows access to service by group, e.g. "auth/sshd/group/Domain Admins=yes". univention-pam.cfg:[auth/.*/user/.*] univention-pam.cfg:Description[de]=Erlaubt dem Benutzer Zugriff auf den Dienst, z.B. "auth/sshd/user/Administrator=yes". univention-pam.cfg:Description[en]=Allows access to service by user, e.g. auth/sshd/user/Administrator=yes".
This bug hasn't seen any update for several years. I close it. If you still see a need for it, you can reopen the bug. Please add an argumentation about why it's important to take care of it.