pam_allow Module

Purpose

Returns PAM_SUCCESS for all PAM module types.

Description

The pam_allow module returns PAM_SUCCESS to all calling applications unless an invalid PAM handle is specified. Support for all four module types is provided.

Attention: This module should be used with caution and should often only be used for PAM debugging purposes. Placing this module in the PAM stack for a service could potentially grant access to all users.

Functionality opposite to that provided by pam_allow can be obtained through use of the pam_prohibit module.

Supported PAM module types

Authentication: Returns PAM_SUCCESS if valid PAM handle.
Account Management: Returns PAM_SUCCESS if valid PAM handle.
Session Management: Returns PAM_SUCCESS if valid PAM handle.
Password Management: Returns PAM_SUCCESS if valid PAM handle.

Options

The pam_allow module accepts the following parameters specified as options in the PAM configuration file:

Item	Description
debug	Log debugging information to syslog.
nowarn	Do not display warning messages.

Return Values

Upon successful completion the pam_allow module returns PAM_SUCCESS. If an invalid PAM handle was specified, PAM_SYSTEM_ERR is returned.

Location

/usr/lib/security/pam_allow