Provided by: libpam-geoip_2.1.1-8_amd64

NAME

       pam_geoip - GeoIP account management module for (Linux-)PAM

SYNOPSIS

        account required pam_geoip.so [system_file=file] [geoip_db=file]
               [action=name] [language=name] [debug]

DESCRIPTION

       The pam_geoip module checks whether a remote user is logging in from a given location. This is similar
       to pam_access(8), but uses a GeoIP2 City or GeoIP2 Country database instead of host name / IP
       matching.

       Matching is done on given country and city names or on distance from a given location. With a Country
       database, only country matches are possible.

       This PAM module provides the account hook only.

       If an IP is not found in the GeoIP2 database, the location to match against is set to "UNKNOWN, *". No
       distance matching is possible for such addresses.

       If a file named /etc/security/geoip.SERVICE.conf (with SERVICE being the name of the PAM service) can be
       opened, this is used instead of the default /etc/security/geoip.conf.

       The first matching entry in the geoip.conf(5) file wins, i.e. the action given in this line will be
       returned to PAM:

       allow
           PAM_SUCCESS

       deny
           PAM_PERM_DENIED

       ignore
           PAM_IGNORE

OPTIONS

       These options may be given in the PAM config file as parameters:

       system_file=/path/to/geoip.conf
           The configuration file for pam_geoip. Default is /etc/security/geoip.conf. For the format of this
           file, see geoip.conf(5).

           NOTE: when a file /etc/security/geoip.SERVICE.conf is present, this switch is ignored (with
           "SERVICE" being the name of the PAM service, e.g. "sshd").

       geoip_db=/path/to/GeoLite2-City.mmdb
           The GeoIP2 database to use. Default: /usr/share/GeoIP/GeoLite2-City.mmdb. This must be a "GeoIP2
           City Edition" or a "GeoIP2 Country Edition" file; see <https://www.maxmind.com/en/geoip2-databases>
           and <https://dev.maxmind.com/geoip/geoip2/geolite2/> for more information.

           The database can contain IPv4 or IPv6 addresses or both.

       action=ACTION
           Sets the default action if no location matches. Default is "deny". Other possible values are "allow"
           or "ignore". For the meanings of these, see above.

       language=NAME
           Sets the language to be used to find names (city etc.). Default is "en".

       debug
           Adds some debugging output to syslog.
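
       The decision flow described above (which rules file is read, first match wins, and the action=
       fallback), modelled in Python as an added example; it is not pam_geoip's own code. The (user,
       country, city, action) tuples, the "*" wildcard matching, the confdir parameter and the shadowed()
       helper are assumptions for illustration and are not the geoip.conf(5) syntax.

```python
import os

# Action names and the PAM return values the man page maps them to.
PAM_RESULT = {"allow": "PAM_SUCCESS", "deny": "PAM_PERM_DENIED",
              "ignore": "PAM_IGNORE"}

def select_config(service, system_file=None, confdir="/etc/security"):
    """A per-service file that can be opened wins; system_file= is then
    ignored. confdir is a hypothetical parameter so this runs offline."""
    per_service = os.path.join(confdir, "geoip.%s.conf" % service)
    try:
        with open(per_service):
            return per_service
    except OSError:
        return system_file or os.path.join(confdir, "geoip.conf")

def covers(pattern, value):
    """Simplified matching for this model: "*" matches anything."""
    return pattern == "*" or pattern == value

def evaluate(rules, user, country, city, default_action="deny"):
    """First matching entry wins; otherwise the action= default applies.
    An address missing from the database is looked up as ("UNKNOWN", "*")."""
    for r_user, r_country, r_city, action in rules:
        if (covers(r_user, user) and covers(r_country, country)
                and covers(r_city, city)):
            return PAM_RESULT[action]
    return PAM_RESULT[default_action]

def shadowed(rules):
    """Indexes of entries that can never win because an earlier entry
    already matches everything they match."""
    dead = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if all(covers(e, l) for e, l in zip(earlier[:3], later[:3])):
                dead.append(i)
                break
    return dead

# Constructed rule set: (user, country, city, action).
RULES = [
    ("*", "UNKNOWN", "*", "deny"),
    ("alice", "DE", "*", "allow"),
    ("alice", "DE", "Berlin", "deny"),   # shadowed by the entry above
    ("*", "US", "*", "ignore"),
]
```

       In this constructed rule set, shadowed(RULES) reports index 2: the Berlin deny for alice can never
       apply because the broader allow precedes it.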

FILES

       /etc/security/geoip.conf
           The default configuration file for this module

       /etc/security/geoip.SERVICE.conf
           The default configuration file for PAM service SERVICE

       /etc/pam.d/*
           The PAM(7) configuration files

SEE ALSO

       geoip.conf(5), pam_access(8), pam.d(5), pam(7)

AUTHOR

       Amish - GeoIP2

       Hanno Hecker - Legacy GeoIP <vetinari@ankh-morp.org>

                                                   2024-02-05                                       pam_geoip(8)