Login or Register to Ask a Question and Join Our Community

Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

pam_unix(8) [netbsd man page]

PAM_UNIX(8)						    BSD System Manager's Manual 					       PAM_UNIX(8)

NAME

     pam_unix -- UNIX PAM module

SYNOPSIS

     [service-name] module-type control-flag pam_unix [options]

DESCRIPTION

     The UNIX authentication service module for PAM provides functionality for two PAM categories: authentication and account management.  In
     terms of the module-type parameter, they are the ``auth'' and ``account'' features.  It also provides a null function for session management.

   UNIX Authentication Module
     The UNIX authentication component provides functions to verify the identity of a user (pam_sm_authenticate()), which obtains the relevant
     passwd(5) entry.  It prompts the user for a password and verifies that this is correct with crypt(3).

     The following options may be passed to the authentication module:

     debug	     syslog(3) debugging information at LOG_DEBUG level.

     use_first_pass  If the authentication module is not the first in the stack, and a previous module obtained the user's password, that password
		     is used to authenticate the user.	If this fails, the authentication module returns failure without prompting the user for a
		     password.	This option has no effect if the authentication module is the first in the stack, or if no previous modules
		     obtained the user's password.

     try_first_pass  This option is similar to the use_first_pass option, except that if the previously obtained password fails, the user is
		     prompted for another password.

     auth_as_self    This option will require the user to authenticate himself as the user given by getlogin(2), not as the account they are
		     attempting to access.  This is primarily for services like su(1), where the user's ability to retype their own password might
		     be deemed sufficient.

     nullok	     If the password database has no password for the entity being authenticated, then this option will forgo password prompting,
		     and silently allow authentication to succeed.

   UNIX Account Management Module
     The UNIX account management component provides a function to perform account management, pam_sm_acct_mgmt().  The function verifies that the
     authenticated user is allowed to login to the local user account by checking the password expiry date.

     The following options may be passed to the management module:

     debug	     syslog(3) debugging information at LOG_DEBUG level.

   UNIX Password Management Module
     The UNIX password management component provides a function to perform account management, pam_sm_chauthtok().  The function changes the
     user's password.

     The following options may be passed to the password module:

     debug	     syslog(3) debugging information at LOG_DEBUG level.

     no_warn	     suppress warning messages to the user.  These messages include reasons why the user's authentication attempt was declined.

     passwd_db=name  Change the user's password only the specified password database.  Valid password database names are:

		     files  local password file

		     nis    NIS password database

FILES

     /etc/master.passwd  default UNIX password database.

SEE ALSO

     passwd(1), getlogin(2), crypt(3), getpwent(3), syslog(3), nsswitch.conf(5), passwd(5), nis(8), pam(8)

BSD
								 February 26, 2005							       BSD

Check Out this Related Man Page

pam_dce(5)																pam_dce(5)

NAME

       pam_dce - authentication, account, and password management PAM functions for DCE

SYNOPSIS

       /usr/lib/security/libpam_dce.so.1

DESCRIPTION

       The  DCE  PAM  modules allow integration of DCE into the system entry services (such as login, telnet, rlogin, ftp) through the pam.conf(4)
       file.  The DCE service module for PAM consists of the following three modules: the authentication module, the  account  management  module,
       and  the  password management module.  All three modules are supported through the same loadable library, /usr/lib/security/libpam_dce.so.1
       is the interface that services the requests from These requests will be communicated to the DCE security server, which in  turn	sends  the
       response back to ilogind. This response is then sent back to /usr/lib/security/libpam_dce.so.1.

Authentication Module
       The  authentication  module certifies the identity of a user and the user's credentials.  It passes the authentication key derived from the
       user's password to the DCE Security Service.  The Security Service then uses the authentication key to certify the user and the user's cre-
       dentials.  The following options can be passed to the authentication module through the pam.conf(4) file:

	      debug	     Turn on syslog debugging at the LOG_DEBUG level.

	      nowarn	     Turn off warning messages about not being able to acquire DCE credentials.

	      use_first_pass Use  the initial password (entered when the user is authenticated to the first authentication module in the stack) to
			     authenticate with DCE.  If the user can not be authenticated or if this is the first  authentication  module  in  the
			     stack,  quit and do not prompt a password. It is recommended that this option be used only if the authentication mod-
			     ule is designated as optional in the pam.conf(4) configuration file.

	      try_first_pass Use the initial password (entered when the user is authenticated to the first authentication module in the PAM stack)
			     to  authenticate  with DCE.  If the user cannot be authenticated or if this is the first authentication module in the
			     stack, prompt for a password.

       A user must be authenticated and the user's credentials set before a system entry service can access any file directories owned by the user
       that are mounted through DTS.

Account Management Module
       The account management module provides a function to perform account management (pam_sm_acct_mgmt(3)).  sends a request to the
	DCE  implementation  of  pam_sm_acct_mgmt(3)  function which retrieves the user's account and password expiration information from the DCE
       Security Server and verifies that the user's account and password have not expired.  The following options can be  passed  to  the  account
       module through the pam.conf(4) file:

	      debug		  Turn on syslog debugging at the LOG_DEBUG level.

	      nowarn		  Turn off warning messages displayed when a user's account and/or password are going to expire.

       pam_sm_acct_mgmt(3) calls the function sec_login_inquire_net_info(3) to retrieve information about when a user's account and/or password is
       going to expire.

Password Management Module
       The password management module provides a function to change passwords (pam_sm_chauthtok(3)).  The following options can be passed  to  the
       password module through the pam.conf(4) file:

	      debug	     Turn on syslog debugging at the LOG_DEBUG level.

	      nowarn	     Turn off warning messages about not being able to change passwords.

	      try_first_pass Use  the  initial	password (entered to the first password module in the PAM stack) to authenticate with DCE.  If the
			     user cannot be authenticated or if this is the first password module in the stack, prompt for a password.

	      use_first_pass Use the initial password (entered to the first password module in the PAM stack) to authenticate with  DCE.  If  user
			     cannot  be authenticated or if this is the first password module in the stack, quit and do not prompt for a password.
			     It is recommended that this option be used only if  the  DCE  password  module  is  designated  as  optional  in  the
			     pam.conf(4) configuration file.

SEE ALSO

       pam(3),	  sec_login_setup_identity(3),	  sec_login_valid_and_cert_ident(3),	sec_login_set_context(3),   sec_login_inquire_net_info(3),
       pam.conf(4), pam_unix(5) ilogind(1m)

HP DCE
																	pam_dce(5)
Man Page