Unix/Linux Go Back    

OpenSolaris 2009.06 - man page for pam_dhkeys (opensolaris section 5)

Linux & Unix Commands - Search Man Pages
Man Page or Keyword Search:   man
Select Man Page Set:       apropos Keyword Search (sections above)

pam_dhkeys(5)		       Standards, Environments, and Macros		    pam_dhkeys(5)

       pam_dhkeys - authentication Diffie-Hellman keys management module


       The  pam_dhkeys.so.1 service module provides functionality to two PAM services: Secure RPC
       authentication and Secure RPC authentication token management.

       Secure RPC authentication differs from regular unix authentication because NIS+ and  other
       ONC RPCs use Secure RPC as the underlying security mechanism.

       The following options may be passed to the module:

       debug	 syslog(3C) debugging information at LOG_DEBUG level

       nowarn	 Turn off warning messages

   Authentication Services
       If the user has Diffie-Hellman keys, pam_sm_authenticate() establishes secret keys for the
       user specified by the PAM_USER (equivalent to running keylogin(1)), using the  authentica-
       tion  token  found  in  the  PAM_AUTHTOK item. Not being able to establish the secret keys
       results in an authentication error if the NIS+ repository is used to authenticate the user
       and  the  NIS+  table  permissions  require  secure RPC credentials to access the password
       field. If pam_sm_setcred() is called with PAM_ESTABLISH_CRED and  the  user's  secure  RPC
       credentials  need to be established, these credentials are set. This is equivalent to run-
       ning keylogin(1).

       If the credentials could not be set and PAM_SILENT is not specified, a diagnostic  message
       is  displayed. If pam_setcred() is called with PAM_DELETE_CRED, the user's secure RPC cre-
       dentials are unset. This is equivalent to running keylogout(1).

       PAM_REINITIALIZE_CRED and PAM_REFRESH_CRED are not supported and return PAM_IGNORE.

   Authentication Token Management
       The pam_sm_chauthtok() implementation checks whether the old login password  decrypts  the
       users  secret keys. If it doesn't this module prompts the user for an old Secure RPC pass-
       word and stores it in a pam data item called SUNW_OLDRPCPASS. This data item can  be  used
       by the store module to effectively update the users secret keys.

       The authentication service returns the following error codes:

       PAM_SUCCESS	   Credentials set successfully.

       PAM_IGNORE	   Credentials not needed to access the password repository.

       PAM_USER_UNKNOWN    PAM_USER is not set, or the user is unknown.

       PAM_AUTH_ERR	   No  secret  keys  were set. PAM_AUTHTOK is not set, no credentials are
			   present or there is a wrong password.

       PAM_BUF_ERR	   Module ran out of memory.

       PAM_SYSTEM_ERR	   The NIS+ subsystem failed .

       The authentication token management returns the following error codes:

       PAM_SUCCESS	   Old rpc password is set in SUNW_OLDRPCPASS

       PAM_USER_UNKNOWN    User in PAM_USER is unknown.

       PAM_AUTHTOK_ERR	   User did not provide a password that decrypts the secret keys.

       PAM_BUF_ERR	   Module ran out of memory.

       See attributes(5) for descriptions of the following attributes:

       |      ATTRIBUTE TYPE	     |	    ATTRIBUTE VALUE	   |
       |Interface Stability	     |Evolving			   |
       |MT Level		     |MT-Safe with exceptions	   |

       keylogin(1),   keylogout(1),   pam(3PAM),   pam_authenticate(3PAM),   pam_chauthtok(3PAM),
       pam_setcred(3PAM), pam_get_item(3PAM), pam_set_data(3PAM), pam_get_data(3PAM), syslog(3C),
       libpam(3LIB),  pam.conf(4),   attributes(5),   pam_authtok_check(5),   pam_authtok_get(5),
       pam_authtok_store(5),	 pam_passwd_auth(5),	pam_unix_account(5),	pam_unix_auth(5),

       The interfaces in libpam(3LIB) are MT-Safe only if each thread within  the  multi-threaded
       application uses its own PAM handle.

       The  pam_unix(5)  module  is  no  longer  supported.  Similar functionality is provided by
       pam_authtok_check(5),	 pam_authtok_get(5),	 pam_authtok_store(5),	   pam_dhkeys(5),
       pam_passwd_auth(5), pam_unix_account(5), pam_unix_auth(5), and pam_unix_session(5).

SunOS 5.11				   21 Jan 2003				    pam_dhkeys(5)
Unix & Linux Commands & Man Pages : ©2000 - 2018 Unix and Linux Forums

All times are GMT -4. The time now is 12:00 PM.