Home Man
Today's Posts

Linux & Unix Commands - Search Man Pages
Man Page or Keyword Search:
Select Section of Man Page:
Select Man Page Repository:

NetBSD 6.1.5 - man page for pam_ksu (netbsd section 8)

PAM_KSU(8)			   BSD System Manager's Manual			       PAM_KSU(8)

     pam_ksu -- Kerberos 5 SU PAM module

     [service-name] module-type control-flag pam_ksu [options]

     The Kerberos 5 SU authentication service module for PAM provides functionality for only one
     PAM category: authentication.  In terms of the module-type parameter, this is the ``auth''
     feature.  The module is specifically designed to be used with the su(1) utility.

   Kerberos 5 SU Authentication Module
     The Kerberos 5 SU authentication component provides functions to verify the identity of a
     user (pam_sm_authenticate()), and determine whether or not the user is authorized to obtain
     the privileges of the target account.  If the target account is ``root'', then the Kerberos
     5 principal used for authentication and authorization will be the ``root'' instance of the
     current user, e.g. ``user/root@REAL.M''.  Otherwise, the principal will simply be the cur-
     rent user's default principal, e.g. ``user@REAL.M''.

     The user is prompted for a password if necessary.	Authorization is performed by comparing
     the Kerberos 5 principal with those listed in the .k5login file in the target account's home
     directory (e.g. /root/.k5login for root).

     The following options may be passed to the authentication module:

     debug	     syslog(3) debugging information at LOG_DEBUG level.

     use_first_pass  If the authentication module is not the first in the stack, and a previous
		     module obtained the user's password, that password is used to authenticate
		     the user.	If this fails, the authentication module returns failure without
		     prompting the user for a password.  This option has no effect if the authen-
		     tication module is the first in the stack, or if no previous modules
		     obtained the user's password.

     try_first_pass  This option is similar to the use_first_pass option, except that if the pre-
		     viously obtained password fails, the user is prompted for another password.

     su(1), syslog(3), pam.conf(5), pam(8)

BSD					   May 15, 2002 				      BSD

All times are GMT -4. The time now is 01:51 PM.

Unix & Linux Forums Content Copyrightę1993-2018. All Rights Reserved.
Show Password