In FreeBSD pam_group does exactly what I want:
NAME
pam_group -- Group PAM module
SYNOPSIS
[service-name] module-type control-flag pam_group [arguments]
DESCRIPTION
The group service module for PAM accepts or rejects users based on
their
membership in a particular file group.
The following options may be passed to the pam_group module:
deny Reverse the meaning of the test, i.e., reject the
applicant if
and only if he or she is a member of the specified group.
This can be useful to exclude certain groups of users from
certain services.
fail_safe If the specified group does not exist, or has no
members, act
as if it does exist and the applicant is a member.
group=groupname
Specify the name of the group to check. The default is
``wheel''.
root_only Skip this module entirely if the target account is not the
superuser account.
SEE ALSO
pam.conf(5), pam(8)
AUTHORS
The pam_group module and this manual page were developed for the
FreeBSD
Project by ThinkSec AS and NAI Labs, the Security Research Division of
Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
(``CBOSS''), as part of the DARPA CHATS research program.
FreeBSD 6.2 February 6, 2003
FreeBSD 6.2
John Robinson пишет:
On 28/03/2007 16:52, Taras Savchuk wrote:
Pam auth don't work when I add pam_group:
pam_group grants membership to groups, it can't be used to authenticate.
Use pam_wheel or pam_succeed_if, and see
http://www.kernel.org/pub/linux/libs/pam/Linux-PAM-html/Linux-PAM_SAG.html
Cheers,
John.
--
С уважением, Савчук Тарас
ООО "Элантек" : Аутсорсинг ИТ, WEB-разработка
http://www.elantech.ru
+7 (495) 589 68 81
+7 (926) 575 22 11
