pam_sacl(8) System Manager's Manual pam_sacl(8)

pam_saclService Access Control List PAM module

[service-name] function-class control-flag pam_sacl [options]

The Service Access Control List PAM module supports the account management function class. In terms of the function-class parameter, this is the “account” class.

The Service Access Control List account management module verifies that the authenticated user is permitted access by checking the username against the the SACL of the service named by the sacl_service option.

The following option must be passed to this account module:

This option names the SACL that the username should be checked against. SERVICE should be the literal name of the service (e.g. “sacl_service=smb”).

The following options may be passed to the account module:

Always allow access to computer trust accounts.
Debug information will be printed to the system log.

pam.conf(5), pam(8)

February 7, 2009 Mac OS X 12