Section: Linux\-PAM Manual (8)
pam_localuser - require users to be listed in /etc/passwd
pam_localuser.so [debug] [file=/path/passwd]
pam_localuser is a PAM module to help implementing site-wide login policies, where they typically include a subset of the network's users and a few accounts that are local to a particular workstation. Using pam_localuser and pam_wheel or pam_listfile is an effective way to restrict access to either local users and/or a subset of the network's users.
This could also be implemented using pam_listfile.so and a very short awk script invoked by cron, but it's common enough to have been separated out.
Print debug information.
Use a file other than
MODULE TYPES PROVIDED
All module types (account,
session) are provided.
The new localuser was set successfully.
Memory buffer error.
The conversation method supplied by the application failed to obtain the username.
The conversation method supplied by the application returned PAM_CONV_AGAIN.
The user name is not valid or the passwd file is unavailable.
The user is not listed in the passwd file.
Add the following lines to
to allow only local users or group wheel to use su.
account sufficient pam_localuser.so
account required pam_wheel.so
Local user account information.
pam_localuser was written by Nalin Dahyabhai <email@example.com>.