Unix/Linux Go Back    


NetBSD 6.1.5 - man page for pam_ksu (netbsd section 8)

Linux & Unix Commands - Search Man Pages
Man Page or Keyword Search:   man
Select Man Page Set:       apropos Keyword Search (sections above)


PAM_KSU(8)			   BSD System Manager's Manual			       PAM_KSU(8)

NAME
     pam_ksu -- Kerberos 5 SU PAM module

SYNOPSIS
     [service-name] module-type control-flag pam_ksu [options]

DESCRIPTION
     The Kerberos 5 SU authentication service module for PAM provides functionality for only one
     PAM category: authentication.  In terms of the module-type parameter, this is the ``auth''
     feature.  The module is specifically designed to be used with the su(1) utility.

   Kerberos 5 SU Authentication Module
     The Kerberos 5 SU authentication component provides functions to verify the identity of a
     user (pam_sm_authenticate()), and determine whether or not the user is authorized to obtain
     the privileges of the target account.  If the target account is ``root'', then the Kerberos
     5 principal used for authentication and authorization will be the ``root'' instance of the
     current user, e.g. ``user/root@REAL.M''.  Otherwise, the principal will simply be the cur-
     rent user's default principal, e.g. ``user@REAL.M''.

     The user is prompted for a password if necessary.	Authorization is performed by comparing
     the Kerberos 5 principal with those listed in the .k5login file in the target account's home
     directory (e.g. /root/.k5login for root).

     The following options may be passed to the authentication module:

     debug	     syslog(3) debugging information at LOG_DEBUG level.

     use_first_pass  If the authentication module is not the first in the stack, and a previous
		     module obtained the user's password, that password is used to authenticate
		     the user.	If this fails, the authentication module returns failure without
		     prompting the user for a password.  This option has no effect if the authen-
		     tication module is the first in the stack, or if no previous modules
		     obtained the user's password.

     try_first_pass  This option is similar to the use_first_pass option, except that if the pre-
		     viously obtained password fails, the user is prompted for another password.

SEE ALSO
     su(1), syslog(3), pam.conf(5), pam(8)

BSD					   May 15, 2002 				      BSD
Unix & Linux Commands & Man Pages : ©2000 - 2018 Unix and Linux Forums


All times are GMT -4. The time now is 11:24 PM.