The lines of the configuration file have the following syntax:
The user can be specified in the following manner:
· a username
· a groupname, with @group syntax. This should not be confused with
· a SELinux user name with %seuser syntax.
The recognized options are:
Only single login session will be allowed for the user and the
user's processes will be killed on logout.
The module will never return PAM_SUCCESS status for the user. It
will return PAM_IGNORE if SELinux is in the enforcing mode, and
PAM_AUTH_ERR otherwise. It is useful if you want to support
passwordless guest users and other confined users with passwords
The lines which start with # character are comments and are ignored.
This page is part of the linux-pam (Pluggable Authentication Modules
for Linux) project. Information about the project can be found at
⟨https://fedorahosted.org/linux-pam/⟩. If you have a bug report for
this manual page, see ⟨https://fedorahosted.org/linux-pam/report⟩.
This page was obtained from the tarball Linux-PAM-1.3.0.tar.gz
fetched from ⟨http://www.linux-pam.org/library/⟩ on 2017-03-13. If
you discover any rendering problems in this HTML version of the page,
or you believe there is a better or more up-to-date source for the
page, or you have corrections or improvements to the information in
this COLOPHON (which is not part of the original manual page), send a
mail to firstname.lastname@example.org
Linux-PAM Manual 04/01/2016 SEPERMIT.CONF(5)