Unix/Linux Go Back    

OpenSolaris 2009.06 - man page for pam_tsol_account (opensolaris section 5)

Linux & Unix Commands - Search Man Pages
Man Page or Keyword Search:   man
Select Man Page Set:       apropos Keyword Search (sections above)

pam_tsol_account(5)	       Standards, Environments, and Macros	      pam_tsol_account(5)

       pam_tsol_account - PAM account management module for Trusted Extensions


       The    Solaris	 Trusted    Extensions	  service    module   for   PAM,   /usr/lib/secu-
       rity/pam_tsol_account.so.1, checks account limitations that are	related  to  labels.  The
       pam_tsol_account.so.1  module is a shared object that can be dynamically loaded to provide
       the necessary functionality upon demand. Its path is specified in  the  PAM  configuration

       pam_tsol_account.so.1	contains    a	 function    to   perform   account   management,
       pam_sm_acct_mgmt(). The function checks for the allowed label range  for  the  user.   The
       allowable  label  range	is  set  by  the  defaults  in the label_encodings(4) file. These
       defaults can be overridden by entries in the user_attr(4) database.

       By default, this module requires that remote hosts connecting to  the   global  zone  must
       have  a	CIPSO  host  type.  To disable this policy, add the allow_unlabeled keyword as an
       option to the entry in pam.conf(4), as in:

	 other	account required    pam_tsol_account allow_unlabeled

       The following options can be passed to the module:

       allow_unlabeled	  Allows remote connections from hosts with unlabeled template types.

       debug		  Provides debugging information at the LOG_DEBUG level. See syslog(3C).

       The following values are returned:

       PAM_SUCCESS	  The account is valid for use at this time and label.

       PAM_PERM_DENIED	  The current process label is outside the user's  label  range,  or  the
			  label  information  for  the process is unavailable, or the remote host
			  type is not valid.

       Other values	  Returns an error code that is consistent with typical  PAM  operations.
			  For  information  on error-related return values, see the pam(3PAM) man

       See attributes(5) for description of the following attributes:

       |      ATTRIBUTE TYPE	     |	    ATTRIBUTE VALUE	   |
       |Interface Stability	     |Committed 		   |
       |MT Level		     |MT-Safe with exceptions	   |

       The interfaces in libpam(3LIB) are MT-Safe only if each thread within  the  multi-threaded
       application uses its own PAM handle.

       keylogin(1), libpam(3LIB), pam(3PAM), pam_sm_acct_mgmt(3PAM), pam_start(3PAM), syslog(3C),
       label_encodings(4), pam.conf(4), user_attr(4), attributes(5)

       Chapter 17, Using PAM, in System Administration Guide: Security Services

       The functionality described on this manual page is available only if the system is config-
       ured with Trusted Extensions.

SunOS 5.11				   20 Jul 2007			      pam_tsol_account(5)
Unix & Linux Commands & Man Pages : ©2000 - 2018 Unix and Linux Forums

All times are GMT -4. The time now is 04:20 PM.