pam_smb_passwd(5) Standards, Environments, and Macros pam_smb_passwd(5)NAME
pam_smb_passwd - SMB password management module
SYNOPSIS
pam_smb_passwd.so.1
DESCRIPTION
The pam_smb_passwd module enhances the PAM password management stack. This functionality supports the changing or adding of SMB passwords
for local Solaris users. The Solaris CIFS server uses SMB passwords to authenticate connected Solaris users. This module includes the
pam_sm_chauthtok(3PAM) function.
The pam_sm_chauthtok() function accepts the following flags:
PAM_PRELIM_CHECK
Always returns PAM_IGNORE.
PAM_SILENT
Suppresses messages.
PAM_UPDATE_AUTHTOK
Updates or creates a new CIFS local LM/NTLM hash for the user that is specified in PAM_USER by using the authentication information
found in PAM_AUTHTOK. The LM hash is only created if the smbd/lmauth_level property value of the smb/server service is set to 3 or
less. PAM_IGNORE is returned if the user is not in the local /etc/passwd repository.
The following options can be passed to the pam_smb_passwd module:
debug
Produces syslog(3C) debugging information at the LOG_AUTH or LOG_DEBUG level.
nowarn
Suppresses warning messages.
FILES
/var/smb/smbpasswd
Stores SMB passwords for Solaris users.
ERRORS
Upon successful completion of pam_sm_chauthtok(), PAM_SUCCESS is returned. The following error codes are returned upon error:
PAM_AUTHTOK_ERR
Authentication token manipulation error
PAM_AUTHTOK_LOCK_BUSY
SMB password file is locked
PAM_PERM_DENIED
Permissions are insufficient for accessing the SMB password file
PAM_SYSTEM_ERR
System error
PAM_USER_UNKNOWN
User is unknown
ATTRIBUTES
See the attributes(5) man page for descriptions of the following attributes:
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
|Interface Stability |Committed |
+-----------------------------+-----------------------------+
|MT Level |MT-Safe with exceptions |
+-----------------------------+-----------------------------+
SEE ALSO smbd(1M), syslog(3C), libpam(3LIB), pam(3PAM), pam_chauthtok(3PAM), pam_sm(3PAM), pam_sm_chauthtok(3PAM), pam.conf(4), attributes(5)NOTES
The interfaces in libpam(3LIB) are MT-Safe only if each thread within the multi-threaded application uses its own PAM handle.
The pam_smb_passwd.so.1 module should be stacked following all password qualification modules in the PAM password stack.
SunOS 5.11 29 Apr 2008 pam_smb_passwd(5)
Check Out this Related Man Page
pam_authtok_get(5) Standards, Environments, and Macros pam_authtok_get(5)NAME
pam_authtok_get - authentication and password management module
SYNOPSIS
pam_authtok_get.so.1
DESCRIPTION
The pam_authtok_get service module provides password prompting funtionality to the PAM stack. It implements pam_sm_authenticate() and
pam_sm_chauthtok(), providing functionality to both the Authentication Stack and the Password Management Stack.
Authentication Service
The implementation of pam_sm_authenticate(3PAM) prompts the user name if not set and then tries to get the authentication token from the
pam handle. If the token is not set, it then prompts the user for a password and stores it in the PAM item PAM_AUTHTOK. This module is
meant to be the first module on an authentication stack where users are to authenticate using a keyboard.
Password Management Service
Due to the nature of the PAM Password Management stack traversal mechanism, the pam_sm_chauthtok(3PAM) function is called twice. Once with
the PAM_PRELIM_CHECK flag, and one with the PAM_UPDATE_AUTHTOK flag.
In the first (PRELIM) invocation, the implementation of pam_sm_chauthtok(3PAM) moves the contents of the PAM_AUTHTOK (current authentica-
tion token) to PAM_OLDAUTHTOK, and subsequentially prompts the user for a new password. This new password is stored in PAM_AUTHTOK.
If a previous module has set PAM_OLDAUTHTOK prior to the invocation of pam_authtok_get, this module turns into a NO-OP and immediately
returns PAM_SUCCESS.
In the second (UPDATE) invocation, the user is prompted to Re-enter his password. The pam_sm_chauthtok implementation verifies this reen-
tered password with the password stored in PAM_AUTHTOK. If the passwords match, the module returns PAM_SUCCESS.
The following option can be passed to the module:
debug syslog(3C) debugging information at the LOG_DEBUG level
ERRORS
The authentication service returns the following error codes:
PAM_SUCCESS Successfully obtains authentication token
PAM_SYSTEM_ERR Fails to retrieve username, username is NULL or empty
The password management service returns the following error codes:
PAM_SUCCESS Successfully obtains authentication token
PAM_AUTHTOK_ERR Authentication token manipulation error
ATTRIBUTES
See attributes(5) for descriptions of the following attributes:
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
|Interface Stability |Evolving |
+-----------------------------+-----------------------------+
|MT Level |MT-Safe with exceptions |
+-----------------------------+-----------------------------+
SEE ALSO pam(3PAM), pam_authenticate(3PAM), syslog(3C), libpam(3LIB), pam.conf(4), attributes(5), pam_authtok_check(5), pam_authtok_get(5),
pam_authtok_store(5), pam_dhkeys(5), pam_passwd_auth(5), pam_unix_account(5), pam_unix_auth(5), pam_unix_session(5)NOTES
The interfaces in libpam(3LIB) are MT-Safe only if each thread within the multi-threaded application uses its own PAM handle.
The pam_unix(5) module is no longer supported. Similar functionality is provided by pam_authtok_check(5), pam_authtok_get(5), pam_auth-
tok_store(5), pam_dhkeys(5), pam_passwd_auth(5), pam_unix_account(5), pam_unix_auth(5), and pam_unix_session(5).
SunOS 5.10 14 Dec 2004 pam_authtok_get(5)