Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

pam_smartcard(5) [opensolaris man page]

pam_smartcard(5)					Standards, Environments, and Macros					  pam_smartcard(5)

NAME
pam_smartcard - PAM authentication module for Smart Card SYNOPSIS
/usr/lib/security/pam_smartcard.so DESCRIPTION
The Smart Card service module for PAM, /usr/lib/security/pam_smartcard.so, provides functionality to obtain a user's information (such as user name and password) for a smart card. The pam_smartcard.so module is a shared object that can be dynamically loaded to provide the nec- essary functionality upon demand. Its path is specified in the PAM configuration file pam.conf. See pam.conf(4). Smart Card Authentication Module The Smart Card authentication component provides the pam_sm_authenticate(3PAM) function to verify the identity of a smart card user. The pam_sm_authenticate() function collects as user input the PIN number. It passes this data back to its underlying layer, OCF, to perform PIN verification. If verification is successful, the module returns PAM_SUCCESS, and passes the username and password from the smart card to PAM modules stacked below.pam_smartcard. The following options can be passed to the Smart Card service module: debug syslog(3C) debugging information at LOG_DEBUG level. nowarn Turn off warning messages. verbose Turn on verbose authentication failure reporting to the user. Smart Card Module Configuration The PAM smart card module (pam_smartcard) can be configured in the PAM configuration file (/etc/pam.conf). For example, the following con- figuration on on the desktop (Common Desktop Environment) forces a user to use a smart card for logging in. The following are typical values set by 'smartcard -c enable', if the command is applied to the default configuration. dtlogin auth requisite pam_smartcard.so.1 dtlogin auth required pam_authtok_get.so.1 dtlogin auth required pam_dhkeys.so.1 dtsession auth requisite pam_smartcard.so.1 dtsession auth required pam_authtok_get.so.1 dtsession auth required pam_dhkeys.so.1 SEE ALSO
smartcard(1M), libpam(3LIB), pam(3PAM), pam_authenticate(3PAM), pam_start(3PAM), pam.conf(4), pam_authtok_check(5), pam_authtok_get(5), pam_authtok_store(5), pam_dhkeys(5), pam_passwd_auth(5), pam_unix_account(5), pam_unix_auth(5), pam_unix_session(5) NOTES
The pam_unix(5) module is no longer supported. Similar functionality is provided by pam_authtok_check(5), pam_authtok_get(5), pam_auth- tok_store(5), pam_dhkeys(5), pam_passwd_auth(5), pam_unix_account(5), pam_unix_auth(5), and pam_unix_session(5). SunOS 5.11 24 Oct 2002 pam_smartcard(5)

Check Out this Related Man Page

pam_passwd_auth(5)                                      Standards, Environments, and Macros                                     pam_passwd_auth(5)

NAME
pam_passwd_auth - authentication module for password SYNOPSIS
pam_passwd_auth.so.1 DESCRIPTION
pam_passwd_auth provides authentication functionality to the password service as implemented by passwd(1). It differs from the standard PAM authentication modules in its prompting behavior. The name of the user whose password attributes are to be updated must be present in the PAM_USER item. This can be accomplished due to a previous call to pam_start(3PAM), or explicitly set by pam_set_item(3PAM). Based on the current user-id and the repository that is to by updated, the module determines whether a password is necessary for a successful update of the password repository, and if so, which pass- word is required. The following option can be passed to the module: debug syslog(3C) debugging information at the LOG_DEBUG level nowarn Turn off warning messages server_policy If the account authority for the user, as specified by PAM_USER, is a server, do not apply the Unix policy from the passwd entry in the name service switch. ERRORS
The following error codes are returned: PAM_BUF_ERR Memory buffer error PAM_IGNORE Ignore module, not participating in result PAM_SUCCESS Successfully obtains authentication token PAM_SYSTEM_ERR System error ATTRIBUTES
See attributes(5) for descriptions of the following attributes: +-----------------------------+-----------------------------+ | ATTRIBUTE TYPE | ATTRIBUTE VALUE | +-----------------------------+-----------------------------+ |Interface Stability |Evolving | +-----------------------------+-----------------------------+ |MT Level |MT-Safe with exceptions | +-----------------------------+-----------------------------+ SEE ALSO
passwd(1), pam(3PAM), pam_authenticate(3PAM), pam_start(3PAM), pam_set_item(3PAM), syslog(3C), libpam(3LIB), pam.conf(4), attributes(5), pam_authtok_check(5), pam_authtok_get(5), pam_authtok_store(5), pam_dhkeys(5), pam_unix_account(5), pam_unix_auth(5), pam_unix_session(5) NOTES
The interfaces in libpam(3LIB) are MT-Safe only if each thread within the multi-threaded application uses its own PAM handle. This module relies on the value of the current real UID, this module is only safe for MT-applications that don't change UIDs during the call to pam_authenticate(3PAM). The pam_unix(5) module is no longer supported. Similar functionality is provided by pam_authtok_check(5), pam_authtok_get(5), pam_auth- tok_store(5), pam_dhkeys(5), pam_passwd_auth(5), pam_unix_account(5), pam_unix_auth(5), and pam_unix_session(5). SunOS 5.10 10 Aug 2002 pam_passwd_auth(5)
Man Page