6.4. pam_deny - locking-out PAM module

pam_deny.so

6.4.1. DESCRIPTION

This module can be used to deny access. It always indicates a failure to the application through the PAM framework. It might be suitable for using for default (the OTHER ) entries.

6.4.2. OPTIONS

This module does not recognise any options.

6.4.3. MODULE TYPES PROVIDED

All module types ( account , auth , password and session ) are provided.

6.4.4. RETURN VALUES

  • PAM_AUTH_ERR

    • This is returned by the account and auth services.
  • PAM_CRED_ERR

    • This is returned by the setcred function.
  • PAM_AUTHTOK_ERR

    • This is returned by the password service.
  • PAM_SESSION_ERR

    • This is returned by the session service.

6.4.5. EXAMPLES

#%PAM-1.0
#
# If we don't have config entries for a service, the
# OTHER entries are used. To be secure, warn and deny
# access to everything.
other auth     required       pam_warn.so
other auth     required       pam_deny.so
other account  required       pam_warn.so
other account  required       pam_deny.so
other password required       pam_warn.so
other password required       pam_deny.so
other session  required       pam_warn.so
other session  required       pam_deny.so

6.4.6. AUTHOR

pam_deny was written by Andrew G. Morgan <morgan@kernel.org>