Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help 
PAM_REGEX(8)		  Pam-Modules User Reference		  PAM_REGEX(8)

NAME
       pam_regex - authentication using	regular	expressions

SYNOPSIS
       pam_regex [sense=SENSE] [user=NAME] [regex=EXPRESSION] [basic|extended]
       [case|ignore-case|icase]	[transform=S-EXPR] [debug[=NUMBER]]
       [waitdebug] [audit]

DESCRIPTION
       A  general-purpose  tool	 for authentication using regular expressions.
       It can be used to control access	depending on  whether  the  user  name
       matches a given regular expression or to	modify user name as per	a sed-
       like expression,	so that	subsequent modules see the modified name.

OPTIONS
       regex=EXPRESSION
	      Compare  user  name with EXPRESSION.  By default the argument is
	      treated as an extended regular  expression  with	case-sensitive
	      matching.

	      When  this  option is used, pam_regex allows only	login attempts
	      with user	names that match the given expression.	See the	sensed
	      option to	revert that behavior.

       sense=allow|deny
	      What to do if the	user name matches the expression given by  the
	      regex  option.  The value	allow (the default) instructs the mod-
	      ule to return PAM_SUCCESS,  the  deny  instructs	it  to	return
	      PAM_AUTH_ERR.

       transform=S-EXPR
	      Transform	 the user name using a sed-like	expression.  The argu-
	      ment should have the following form:
	      s/regexp/repl/[flags]

       See sed(1), for a detailed description.	Supported flags	are: g,	to ap-
       ply the replacement to all matches, not just the	first, i, to use case-
       insensitive matching, and x, which indicates that regexp	is an extended
       POSIX regular expression.  A decimal number in the  flags  field	 indi-
       cates the ordinal number	of the match to	be replaced.  Using it togeth-
       er with g results in undefined behavior.

       Any  delimiter  can be used in lieue of the slash, the only requirement
       being that it be	used consistently throughout the expression.

       basic  Use basic	regular	expressions.

       case   Use case-sensitive regular expressions (default).

       extended
	      Use extended regular expressions (default).

       ignore-case or icase
	      Use case-insensitive regular expressions.

       user=NAME
	      Upon successful matching,	set PAM	user name to STRING.

       debug[=NUMBER]
	      Set debugging level (0 <=	NUMBER <= 100).

       audit  Log full debugging information (equivalent to debug=100).

       waitdebug=N
	      Wait for N seconds before	starting up.  This option is  intended
	      to facilitate attaching to the module with gdb(1).  It is	avail-
	      able  only if the	package	was configured with the	--enable-debug
	      option.

MODULE TYPES PROVIDED
       auth

RETURN VALUES
       PAM_SUCCESS
	      Successful return.

       PAM_AUTH_ERR
	      Authentication failed.

       PAM_AUTHINFO_UNAVAIL
	      The input	information is not sufficient.

EXAMPLES
       1.     Deny access to users with	login name containig the @ sign.

       auth  required  pam_regex.so sense=deny regex=.*@.*

       2.     Convert the user name to lower case and remove anything starting
	      from the @ character:

       auth  required  pam_regex.so extended transform=s/.*/\L&/g;s/@.*//

NOTE
       This manpage is a short description of pam_regex.  For a	detailed  dis-
       cussion,	 including  examples  and  usage recommendations, refer	to the
       PAM-modules Manual available in texinfo format.	If the info reader and
       the tar documentation are properly installed on your system,  the  com-
       mand

	   info	pam-modules

       should give you access to the complete manual.

       You  can	 also view the manual using the	info mode in emacs(1), or find
       it in various formats online at

	   http://www.gnu.org.ua/software/pam-modules/manual

       If any discrepancies occur between this	manpage	 and  the  PAM-modules
       Manual, the later shall be considered the authoritative source.

SEE ALSO
       pam.conf(5), pam.d(5), pam(8), regex(7),	sed(1).

AUTHORS
       Sergey Poznyakoff <gray@gnu.org>

BUG REPORTS
       Report bugs to <bug-pam-modules@gnu.org.ua>.

COPYRIGHT
       Copyright (C) 2001-2014 Sergey Poznyakoff
       License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licens-
       es/gpl.html>
       This  is	 free  software:  you  are free	to change and redistribute it.
       There is	NO WARRANTY, to	the extent permitted by	law.

PAM-MODULES			March 28, 2014			  PAM_REGEX(8)

Want to link to this manual page? Use this URL:
<https://man.freebsd.org/cgi/man.cgi?query=pam_regex&sektion=8&manpath=FreeBSD+Ports+15.0>

home | help