pam_localuser — require users to be listed in /etc/passwd
pam_localuser.so [debug] [file=/path/passwd]
pam_localuser is a PAM module to help implementing site-wide login policies, where they typically include a subset of the network's users and a few accounts that are local to a particular workstation. Using pam_localuser and pam_wheel or pam_listfile is an effective way to restrict access to either local users and/or a subset of the network's users.
This could also be implemented using pam_listfile.so and a very short awk script invoked by cron, but it's common enough to have been separated out.
Print debug information.
Use a file other than /etc/passwd.
Module Types Provided
All module types (account, auth, password and session) are provided.
The new localuser was set successfully.
No username was given.
The user is not listed in the passwd file.
Add the following lines to /etc/pam.d/su to allow only local users or group wheel to use su.
account sufficient pam_localuser.so account required pam_wheel.so
Local user account information.
pam.conf(5), pam.d(5), pam(8)