In FreeBSD pam_group does exactly what I want:
NAME pam_group -- Group PAM module
SYNOPSIS [service-name] module-type control-flag pam_group [arguments]
DESCRIPTION The group service module for PAM accepts or rejects users based on their membership in a particular file group.
The following options may be passed to the pam_group module:
deny Reverse the meaning of the test, i.e., reject the applicant if and only if he or she is a member of the specified group. This can be useful to exclude certain groups of users from certain services.
fail_safe If the specified group does not exist, or has no members, act as if it does exist and the applicant is a member.
group=groupname
Specify the name of the group to check. The default is
``wheel''.
root_only Skip this module entirely if the target account is not the
superuser account.SEE ALSO pam.conf(5), pam(8)
AUTHORS The pam_group module and this manual page were developed for the FreeBSD Project by ThinkSec AS and NAI Labs, the Security Research Division of Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 (``CBOSS''), as part of the DARPA CHATS research program.
FreeBSD 6.2 February 6, 2003 FreeBSD 6.2
John Robinson пишет:
On 28/03/2007 16:52, Taras Savchuk wrote:
Pam auth don't work when I add pam_group:
pam_group grants membership to groups, it can't be used to authenticate. Use pam_wheel or pam_succeed_if, and see http://www.kernel.org/pub/linux/libs/pam/Linux-PAM-html/Linux-PAM_SAG.html
Cheers,
John.
-- С уважением, Савчук Тарас ООО "Элантек" : Аутсорсинг ИТ, WEB-разработка http://www.elantech.ru +7 (495) 589 68 81 +7 (926) 575 22 11