<?xml version="1.0" encoding='UTF-8'?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
"http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
<refentry id='pam_usertype'>
<refmeta>
<refentrytitle>pam_usertype</refentrytitle>
<manvolnum>8</manvolnum>
<refmiscinfo class='sectdesc'>Linux-PAM</refmiscinfo>
</refmeta>
<refnamediv id='pam_usertype-name'>
<refname>pam_usertype</refname>
<refpurpose>check if the authenticated user is a system or regular account</refpurpose>
</refnamediv>
<refsynopsisdiv>
<cmdsynopsis id='pam_usertype-cmdsynopsis'>
<command>pam_usertype.so</command>
<arg choice='opt' rep='repeat'><replaceable>flag</replaceable></arg>
<arg choice='req'><replaceable>condition</replaceable></arg>
</cmdsynopsis>
</refsynopsisdiv>
<refsect1 id='pam_usertype-description'>
<title>DESCRIPTION</title>
<para>
pam_usertype.so is designed to succeed or fail authentication
based on type of the account of the authenticated user.
The type of the account is decided with help of
<emphasis>SYS_UID_MIN</emphasis> and <emphasis>SYS_UID_MAX</emphasis>
settings in <emphasis>/etc/login.defs</emphasis>. One use is to select
whether to load other modules based on this test.
</para>
<para>
The module should be given only one condition as module argument.
Authentication will succeed only if the condition is met.
</para>
</refsect1>
<refsect1 id="pam_usertype-options">
<title>OPTIONS</title>
<para>
The following <emphasis>flag</emphasis>s are supported:
</para>
<variablelist>
<varlistentry>
<term><option>use_uid</option></term>
<listitem>
<para>
Evaluate conditions using the account of the user whose UID
the application is running under instead of the user being
authenticated.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><option>audit</option></term>
<listitem>
<para>
Log unknown users to the system log.
</para>
</listitem>
</varlistentry>
</variablelist>
<para>
Available <emphasis>condition</emphasis>s are:
</para>
<variablelist>
<varlistentry>
<term><option>issystem</option></term>
<listitem>
<para>Succeed if the user is a system user.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><option>isregular</option></term>
<listitem>
<para>Succeed if the user is a regular user.</para>
</listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1 id="pam_usertype-types">
<title>MODULE TYPES PROVIDED</title>
<para>
All module types (<option>account</option>, <option>auth</option>,
<option>password</option> and <option>session</option>) are provided.
</para>
</refsect1>
<refsect1 id='pam_usertype-return_values'>
<title>RETURN VALUES</title>
<variablelist>
<varlistentry>
<term>PAM_SUCCESS</term>
<listitem>
<para>
The condition was true.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>PAM_AUTH_ERR</term>
<listitem>
<para>
The condition was false.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>PAM_SERVICE_ERR</term>
<listitem>
<para>
A service error occurred or the arguments can't be
parsed correctly.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>PAM_USER_UNKNOWN</term>
<listitem>
<para>
User was not found.
</para>
</listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1 id='pam_usertype-examples'>
<title>EXAMPLES</title>
<para>
Skip remaining modules if the user is a system user:
</para>
<programlisting>
account sufficient pam_usertype.so issystem
</programlisting>
</refsect1>
<refsect1 id='pam_usertype-see_also'>
<title>SEE ALSO</title>
<para>
<citerefentry>
<refentrytitle>login.defs</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>
</para>
</refsect1>
<refsect1 id='pam_usertype-author'>
<title>AUTHOR</title>
<para>Pavel Březina <pbrezina@redhat.com></para>
</refsect1>
</refentry>