PAM-Modules |
|
A Collection of Modules for PAM |
Sergey Poznyakoff |
The pam_innetgr
module checks if the user and current host
match a triple in the NIS netgroup supplied via the ‘netgroup’
argument. It returns success if so, and ‘PAM_AUTH_ERR’ otherwise.
Another possible return values are: ‘PAM_AUTHINFO_UNAVAIL’, if the input information was not sufficient (e.g. the username was not supplied, or the module was unable to determine the host or domain name), and ‘PAM_SERVICE_ERR’, if a generic error condition (such as a lack of memory) occurred.
In order to determine host and domain name parts, the following approach is used. First, the ‘gethostname’ function is called to obtain the hostname part. If the ‘getdomainname’ function is available, it is used to determine the domain part. If the resulting domain part is ‘NULL’ or the string ‘(none)’, the ‘gethostbyname’ function is invoked with the hostname as its argument. The returned name (technically speaking, the ‘h_name’ member of the ‘struct hostent’) is used as the canonical name of the server. It is split on the first occurrence of the dot character. The second part is used as the domain name. The options described below control this process.
This module can be used in any PAM service stack.
This document was generated on August 11, 2021 using makeinfo.
Verbatim copying and distribution of this entire article is permitted in any medium, provided this notice is preserved.