pam_allow(5) Standards, Environments, and Macros pam_allow(5)NAME
pam_allow - PAM authentication, account, session and password management PAM module to allow operations
SYNOPSIS
pam_allow.so.1
DESCRIPTION
The pam_allow module implements all the PAM service module functions and returns PAM_SUCCESS for all calls. Opposite functionality is
available in the pam_deny(5) module.
Proper Solaris authentication operation requires pam_unix_cred(5) be stacked above pam_allow.
The following options are interpreted:
debug Provides syslog(3C) debugging information at the LOG_AUTH | LOG_DEBUG level.
ERRORS
PAM_SUCCESS is always returned.
EXAMPLES
Example 1 Allowing ssh none
The following example is a pam.conf fragment that illustrates a sample for allowing ssh none authentication:
sshd-none auth required pam_unix_cred.so.1
sshd-none auth sufficient pam_allow.so.1
sshd-none account sufficient pam_allow.so.1
sshd-none session sufficient pam_allow.so.1
sshd-none password sufficient pam_allow.so.1
Example 2 Allowing Kiosk Automatic Login Service
The following is example is a pam.conf fragment that illustrates a sample for allowing gdm kiosk auto login:
gdm-autologin auth required pam_unix_cred.so.1
gdm-autologin auth sufficient pam_allow.so.1
ATTRIBUTES
See attributes(5) for descriptions of the following attributes:
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
|Interface Stability |Stable |
+-----------------------------+-----------------------------+
|MT Level |MT-Safe with exceptions |
+-----------------------------+-----------------------------+
SEE ALSO libpam(3LIB), pam(3PAM), pam_sm(3PAM), syslog(3C), pam.conf(4), attributes(5), pam_deny(5), pam_unix_cred(5)NOTES
The interfaces in libpam(3LIB) are MT-Safe only if each thread within the multi-threaded application uses its own PAM handle.
This module is intended to be used to either allow access to specific services names, or to all service names not specified (by specifying
it as the default service stack).
SunOS 5.11 25 Aug 2005 pam_allow(5)
Check Out this Related Man Page
pam_unix_cred(5) Standards, Environments, and Macros pam_unix_cred(5)NAME
pam_unix_cred - PAM user credential authentication module for UNIX
SYNOPSIS
pam_unix_cred.so.1
DESCRIPTION
The pam_unix_cred module implements pam_sm_setcred(3PAM). It provides functions that establish user credential information. It is a module
separate from the pam_unix_auth(5) module to allow replacement of the authentication functionality independently from the credential func-
tionality.
The pam_unix_cred module must always be stacked along with whatever authentication module is used to ensure correct credential setting.
Authentication service modules must implement both pam_sm_authenticate() and pam_sm_setcred().
pam_sm_authenticate() in this module always returns PAM_IGNORE.
pam_sm_setcred() initializes the user's project, privilege sets and initializes or updates the user's audit context if it hasn't already
been initialized. The following flags may be set in the flags field:
PAM_ESTABLISH_CRED Initializes the user's project to the project specified in PAM_RESOURCE, or if PAM_RESOURCE is not specified, to
PAM_REFRESH_CRED the user's default project. Establishes the user's privilege sets.
PAM_REINITIALIZE_CRED
If the audit context is not already initialized and auditing is configured, these flags cause the context to be
initialized to that of the user specified in PAM_USER and host specified in PAM_RHOST. If PAM_RHOST is not speci-
fied, the local host is used. Additionally, if the audit context is already initialized, the PAM_REINITIALIZE_CRED
flag merges the current audit context with that of the user specified in PAM_USER. PAM_REINITIALIZE_CRED is useful
when a user is assuming a new identity, as with su(1M).
PAM_DELETE_CRED This flag has no effect and always returns PAM_SUCCESS.
The following options are interpreted:
debug Provides syslog(3C) debugging information at the LOG_DEBUG level.
nowarn Disables any warning messages.
ERRORS
Upon successful completion of pam_sm_setcred(), PAM_SUCCESS is returned. The following error codes are returned upon error:
PAM_CRED_UNAVAIL Underlying authentication service cannot retrieve user credentials
PAM_CRED_EXPIRED User credentials have expired
PAM_USER_UNKNOWN User is unknown to the authentication service
PAM_CRED_ERR Failure in setting user credentials
PAM_BUF_ERR Memory buffer error
PAM_SYSTEM_ERR System error
The following values are returned from pam_sm_authenticate():
PAM_IGNORE Ignores this module regardless of the control flag
ATTRIBUTES
See attributes(5) for descriptions of the following attributes:
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
|Interface Stability |Evolving |
+-----------------------------+-----------------------------+
|MT Level |MT-Safe with exceptions |
+-----------------------------+-----------------------------+
SEE ALSO su(1M), settaskid(2), libpam(3LIB), getprojent(3PROJECT), pam(3PAM), pam_set_item(3PAM), pam_sm_authenticate(3PAM), syslog(3C), setpro-
ject(3PROJECT),pam.conf(4), nsswitch.conf(4), project(4), attributes(5), pam_authtok_check(5), pam_authtok_get(5), pam_authtok_store(5),
pam_dhkeys(5), pam_passwd_auth(5), pam_unix_auth(5), pam_unix_account(5), pam_unix_session(5), privileges(5)NOTES
The interfaces in libpam(3LIB) are MT-Safe only if each thread within the multi-threaded application uses its own PAM handle.
If this module is replaced, the audit context and credential may not be correctly configured.
SunOS 5.10 29 Jul 2004 pam_unix_cred(5)