Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help
PAM_REGEX(8)		  Pam-Modules User Reference		  PAM_REGEX(8)

NAME
       pam_regex - authentication using	regular	expressions

SYNOPSIS
       pam_regex [sense=SENSE] [user=NAME] [regex=EXPRESSION] [basic|extended]
       [case|ignore-case|icase]	[transform=S-EXPR] [debug[=NUMBER]]
       [waitdebug] [audit]

DESCRIPTION
       A  general-purpose  tool	 for authentication using regular expressions.
       It can be used to control access	depending on  whether  the  user  name
       matches a given regular expression or to	modify user name as per	a sed-
       like expression,	so that	subsequent modules see the modified name.

OPTIONS
       regex=EXPRESSION
	      Compare user name	with EXPRESSION.  By default the  argument  is
	      treated  as  an  extended	regular	expression with	case-sensitive
	      matching.

	      When this	option is used,	pam_regex allows only  login  attempts
	      with user	names that match the given expression.	See the	sensed
	      option to	revert that behavior.

       sense=allow|deny
	      What to do if the	user name matches the expression given by  the
	      regex  option.  The value	allow (the default) instructs the mod-
	      ule to return PAM_SUCCESS,  the  deny  instructs	it  to	return
	      PAM_AUTH_ERR.

       transform=S-EXPR
	      Transform	 the user name using a sed-like	expression.  The argu-
	      ment should have the following form:
	      s/regexp/repl/[flags]

       See sed(1), for a detailed description.	Supported flags	are: g,	to ap-
       ply the replacement to all matches, not just the	first, i, to use case-
       insensitive matching, and x, which indicates that regexp	is an extended
       POSIX  regular  expression.   A decimal number in the flags field indi-
       cates the ordinal number	of the match to	be  replaced.	Using  it  to-
       gether with g results in	undefined behavior.

       Any  delimiter  can be used in lieue of the slash, the only requirement
       being that it be	used consistently throughout the expression.

       basic  Use basic	regular	expressions.

       case   Use case-sensitive regular expressions (default).

       extended
	      Use extended regular expressions (default).

       ignore-case or icase
	      Use case-insensitive regular expressions.

       user=NAME
	      Upon successful matching,	set PAM	user name to STRING.

       debug[=NUMBER]
	      Set debugging level (0 <=	NUMBER <= 100).

       audit  Log full debugging information (equivalent to debug=100).

       waitdebug=N
	      Wait for N seconds before	starting up.  This option is  intended
	      to facilitate attaching to the module with gdb(1).  It is	avail-
	      able only	if the package was configured with the	--enable-debug
	      option.

MODULE TYPES PROVIDED
       auth

RETURN VALUES
       PAM_SUCCESS
	      Successful return.

       PAM_AUTH_ERR
	      Authentication failed.

       PAM_AUTHINFO_UNAVAIL
	      The input	information is not sufficient.

EXAMPLES
       1.     Deny access to users with	login name containig the @ sign.

       auth  required  pam_regex.so sense=deny regex=.*@.*

       2.     Convert the user name to lower case and remove anything starting
	      from the @ character:

       auth  required  pam_regex.so extended transform=s/.*/\L&/g;s/@.*//

NOTE
       This manpage is a short description of pam_regex.  For a	detailed  dis-
       cussion,	 including  examples  and  usage recommendations, refer	to the
       PAM-modules Manual available in texinfo format.	If the info reader and
       the  tar	 documentation are properly installed on your system, the com-
       mand

	   info	pam-modules

       should give you access to the complete manual.

       You can also view the manual using the info mode	in emacs(1),  or  find
       it in various formats online at

	   http://www.gnu.org.ua/software/pam-modules/manual

       If  any	discrepancies  occur  between this manpage and the PAM-modules
       Manual, the later shall be considered the authoritative source.

SEE ALSO
       pam.conf(5), pam.d(5), pam(8), regex(7),	sed(1).

AUTHORS
       Sergey Poznyakoff <gray@gnu.org>

BUG REPORTS
       Report bugs to <bug-pam-modules@gnu.org.ua>.

COPYRIGHT
       Copyright (C) 2001-2014 Sergey Poznyakoff
       License GPLv3+: GNU GPL version 3 or later <http://gnu.org/li-
       censes/gpl.html>
       This  is	 free  software:  you  are free	to change and redistribute it.
       There is	NO WARRANTY, to	the extent permitted by	law.

PAM-MODULES			March 28, 2014			  PAM_REGEX(8)

NAME | SYNOPSIS | DESCRIPTION | OPTIONS | MODULE TYPES PROVIDED | RETURN VALUES | EXAMPLES | NOTE | SEE ALSO | AUTHORS | BUG REPORTS | COPYRIGHT

Want to link to this manual page? Use this URL:
<https://www.freebsd.org/cgi/man.cgi?query=pam_regex&sektion=8&manpath=FreeBSD+12.1-RELEASE+and+Ports>

home | help