Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

pklogin_finder(1) [opensolaris man page]

pklogin_finder(1)						   User Commands						 pklogin_finder(1)

NAME
pklogin_finder - map certificates into a user SYNOPSIS
/usr/lib/pam_pkcs11/pklogin_finder [debug] [config_file=filename] DESCRIPTION
pklogin_finder uses the pam_pkcs11 library infrastructure to interactively map a PKCS#11 provided certificate to a user. pklogin_finder uses the same configuration file and arguments than pam_pkcs11(5) PAM module. It loads defined mapper modules and tries to find a map between found certificates and a user login. OPTIONS
The following options are supported: config_file=fileame Set the configuration file. The default value is /etc/security/pam_pkcs11/pam_pkcs11.conf. debug Enable debugging output. The default is no debug. As it uses the same configuration file as pam_pkcs11(5), all of the pam_pkcs11 options are available. Some of these options make no sense in a non-PAM environment, and are therefore ignored. Some mapper options (mapfile, ignorecase) have no effect on certificate contents, and they are ignored as well. EXIT STATUS
The following exit values are returned: 0 Successful completion. pkcs11_inspect prints on stdout the login name and exits. 1 An error occurred. A user mapping error was found. 2 An error occurred. No user match was found. EXAMPLES
Example 1 Using pklogin_finder The following example runs the pklogin_finder command without any options: % pkcs11_inspect Example 2 Using pklogin_finder with Options The following example runs the pkcs_finder command with options: % pklogin_finder debug config_file=${HOME}/.pam_pkcs11.conf FILES
/etc/security/pam_pkcs11/pam_pkcs11.conf AUTHORS
Juan Antonio Martinez, jonsito@teleline.es ATTRIBUTES
See attributes(5) for descriptions of the following attributes: +-----------------------------+-----------------------------+ | ATTRIBUTE TYPE | ATTRIBUTE VALUE | +-----------------------------+-----------------------------+ |Availability |SUNWpampkcs11u, SUNWpamp- | | |kcs11r, SUNWpampkcs11-docs | +-----------------------------+-----------------------------+ |Interface Stability |Uncommitted | +-----------------------------+-----------------------------+ SEE ALSO
pkcs11_inspect(1), attributes(5), pam_pkcs11(5) PAM-PKCS11 User Manual, http://www.opensc-project.org/pam_pkcs11 SunOS 5.11 17 Jul 2008 pklogin_finder(1)

Check Out this Related Man Page

SYSTEM-AUTH-AC(5)						File Formats Manual						 SYSTEM-AUTH-AC(5)

NAME
system-auth-ac, password-auth-ac, smartcard-auth-ac, fingerprint-auth-ac, postlogin-ac - Common configuration files for PAMified services written by authconfig(8) SYNOPSIS
/etc/pam.d/system-auth-ac DESCRIPTION
The purpose of this configuration file is to provide common configuration file for all applications and service daemons calling PAM library. The system-auth configuration file is included from all individual service configuration files with the help of the include directive. When authconfig(8) writes the system PAM configuration file it replaces the default system-auth file with a symlink pointing to system-auth-ac and writes the configuration to this file. The symlink is not changed on subsequent configuration changes even if it points elsewhere. This allows system administrators to override the configuration written by authconfig. The authconfig now writes the authentication modules also into additional PAM configuration files /etc/pam.d/password-auth-ac, /etc/pam.d/smartcard-auth-ac, and /etc/pam.d/fingerprint-auth-ac. These configuration files contain only modules which perform authentica- tion with the respective kinds of authentication tokens. For example /etc/pam.d/smartcard-auth[-ac] will not contain pam_unix and pam_ldap modules and /etc/pam.d/password-auth[-ac] will not contain pam_pkcs11 and pam_fprintd modules. The file /etc/pam.d/postlogin-ac contains common services to be invoked after login. An example can be a module that encrypts an user's filesystem or user's keyring and is decrypted by his password. The PAM configuration files of services which are accessed by remote connections such as sshd or ftpd now include the /etc/pam.d/password- auth configuration file instead of /etc/pam.d/system-auth. EXAMPLE
Configure system to use pam_tally2 for configuration of maximum number of failed logins. Also call pam_access to verify if access is allowed. Make system-auth symlink point to system-auth-local which contains: auth requisite pam_access.so auth requisite pam_tally2.so deny=3 lock_time=30 unlock_time=3600 auth include system-auth-ac account required pam_tally2.so account include system-auth-ac password include system-auth-ac session include system-auth-ac BUGS
None known. SEE ALSO
authconfig(8), authconfig-gtk(8), pam(8), system-auth(5) Red Hat, Inc. 2010 March 31 SYSTEM-AUTH-AC(5)
Man Page