pam_eaccess is a PAM module which add a generic way to do authorization. Indeed, for each service (for which you want add authorization) you can define the list of users (or all) who are allowed to connect to this service.

• file backend
• per service definition

• LDAP backend
• SQL backend
• Per user IP source filter

# svn co http://svn.asyd.net/svn/pam_eaccess/tags/20051107 pam_eaccess
# autoconf
# ./configure
# make
# sudo make install

Then, check if you have /lib/security/pam_eaccess.so

Well, it's actually very simple, you just need to add the following line to pam config :

auth       required     pam_eaccess.so 

Note: the keyword debug is supported.

Note: this filename is actually hardcoded, you can't use another destination

pamtest: asyd, bruno
login: [ALL]

This file has the following form :

• one service per line, the service name MUST be followed by :
• users lists coma separated

The keyword [ALL] which can be used for service and/or users act as a wildcard.