Home Man
Search
Today's Posts
Register

Linux & Unix Commands - Search Man Pages

OpenSolaris 2009.06 - man page for pam_unix_cred (opensolaris section 5)

pam_unix_cred(5)	       Standards, Environments, and Macros		 pam_unix_cred(5)

NAME
       pam_unix_cred - PAM user credential authentication module for UNIX

SYNOPSIS
       pam_unix_cred.so.1

DESCRIPTION
       The  pam_unix_cred  module  implements  pam_sm_setcred(3PAM).  It  provides functions that
       establish user credential information. It is a module separate from  the  pam_unix_auth(5)
       module  to  allow  replacement  of the authentication functionality independently from the
       credential functionality.

       The pam_unix_cred module must always be stacked along with whatever authentication  module
       is used to ensure correct credential setting.

       Authentication  service	modules must implement both pam_sm_authenticate() and pam_sm_set-
       cred().

       pam_sm_authenticate() in this module always returns PAM_IGNORE.

       pam_sm_setcred() initializes the user's project, privilege sets and initializes or updates
       the user's audit context if it hasn't already been initialized. The following flags may be
       set in the flags field:

       PAM_ESTABLISH_CRED
       PAM_REFRESH_CRED
       PAM_REINITIALIZE_CRED

	   Initializes the user's project  to  the  project  specified	in  PAM_RESOURCE,  or  if
	   PAM_RESOURCE  is  not specified, to the user's default project. Establishes the user's
	   privilege sets.

	   If the audit context is not already initialized  and  auditing  is  configured,  these
	   flags  cause  the context to be initialized to that of the user specified in PAM_AUSER
	   (if any) merged with the user specified in PAM_USER and host specified  in  PAM_RHOST.
	   If  PAM_RHOST is not specified, PAM_TTY specifies the local terminal name. Attributing
	   audit to PAM_AUSER and merging PAM_USER is required for correctly attributing auditing
	   when the system entry is performed by another user that can be identified as trustwor-
	   thy.

	   If the audit context is already initialized, the PAM_REINITIALIZE_CRED flag merges the
	   current  audit  context  with  that	of the user specified in PAM_USER. PAM_REINITIAL-
	   IZE_CRED is useful when a user is assuming a new identity, as with su(1M).

       PAM_DELETE_CRED

	   This flag has no effect and always returns PAM_SUCCESS.

       The following options are interpreted:

       debug	 Provides syslog(3C) debugging information at the LOG_DEBUG level.

       nowarn	 Disables any warning messages.

ERRORS
       Upon successful completion of pam_sm_setcred(), PAM_SUCCESS  is	returned.  The	following
       error codes are returned upon error:

       PAM_CRED_UNAVAIL    Underlying authentication service cannot retrieve user credentials

       PAM_CRED_EXPIRED    User credentials have expired

       PAM_USER_UNKNOWN    User is unknown to the authentication service

       PAM_CRED_ERR	   Failure in setting user credentials

       PAM_BUF_ERR	   Memory buffer error

       PAM_SYSTEM_ERR	   System error

       The following values are returned from pam_sm_authenticate():

       PAM_IGNORE    Ignores this module regardless of the control flag

ATTRIBUTES
       See attributes(5) for descriptions of the following attributes:

       +-----------------------------+-----------------------------+
       |      ATTRIBUTE TYPE	     |	    ATTRIBUTE VALUE	   |
       +-----------------------------+-----------------------------+
       |Interface Stability	     |Evolving			   |
       +-----------------------------+-----------------------------+
       |MT Level		     |MT-Safe with exceptions	   |
       +-----------------------------+-----------------------------+

SEE ALSO
       ssh(1),	  su(1M),    settaskid(2),    libpam(3LIB),    getprojent(3PROJECT),   pam(3PAM),
       pam_set_item(3PAM),	   pam_sm_authenticate(3PAM),	      syslog(3C),	  setpro-
       ject(3PROJECT),pam.conf(4),   nsswitch.conf(4),	 project(4),   attributes(5),	pam_auth-
       tok_check(5), pam_authtok_get(5), pam_authtok_store(5), pam_dhkeys(5), pam_passwd_auth(5),
       pam_unix_auth(5), pam_unix_account(5), pam_unix_session(5), privileges(5)

NOTES
       The  interfaces	in libpam(3LIB) are MT-Safe only if each thread within the multi-threaded
       application uses its own PAM handle.

       If this module is replaced, the audit context and credential may not be correctly  config-
       ured.

SunOS 5.11				    9 Mar 2005				 pam_unix_cred(5)


All times are GMT -4. The time now is 10:58 AM.

Unix & Linux Forums Content Copyrightę1993-2018. All Rights Reserved.
UNIX.COM Login
Username:
Password:  
Show Password