sunos man page for pam_dhkeys

Sunos Man Pages All Man Pages Latest Topics Forum Categories

Query: pam_dhkeys

OS: sunos

Section: 5

Format: Original Unix Latex Style Formatted with HTML and a Horizontal Scroll Bar

pam_dhkeys(5)						Standards, Environments, and Macros					     pam_dhkeys(5)


NAME

       pam_dhkeys - authentication Diffie-Hellman keys management module


SYNOPSIS

       pam_dhkeys.so.1


DESCRIPTION

       The  pam_dhkeys.so.1  service  module  provides	functionality to two PAM services: Secure RPC authentication and Secure RPC authentication
       token management.

       Secure RPC authentication differs from regular unix authentication because NIS+ and other ONC RPCs use Secure RPC as the  underlying  secu-
       rity mechanism.

       The following options may be passed to the module:

       debug	       syslog(3C) debugging information at LOG_DEBUG level

       nowarn	       Turn off warning messages

   Authentication Services
       If  the	user  has Diffie-Hellman keys, pam_sm_authenticate() establishes secret keys for the user specified by the PAM_USER (equivalent to
       running keylogin(1)), using the authentication token found in the PAM_AUTHTOK item. Not being able to establish the secret keys results	in
       an  authentication  error if the NIS+ repository is used to authenticate the user and the NIS+ table permissions require secure RPC creden-
       tials to access the password field. If pam_sm_setcred() is called with PAM_ESTABLISH_CRED and the user's secure RPC credentials need to	be
       established, these credentials are set. This is equivalent to running keylogin(1).

       If  the	credentials  could  not be set and PAM_SILENT is not specified, a diagnostic message is displayed. If pam_setcred() is called with
       PAM_DELETE_CRED, the user's secure RPC credentials are unset. This is equivalent to running keylogout(1).

       PAM_REINITIALIZE_CRED and PAM_REFRESH_CRED are not supported and return PAM_IGNORE.

   Authentication Token Management
       The pam_sm_chauthtok() implementation checks whether the old login password decrypts the users secret  keys.  If  it  doesn't  this  module
       prompts the user for an old Secure RPC password and stores it in a pam data item called SUNW_OLDRPCPASS.  This data item can be used by the
       store module to effectively update the users secret keys.


ERRORS

       The authentication service returns the following error codes:

       PAM_SUCCESS	       Credentials set successfully.

       PAM_IGNORE	       Credentials not needed to access the password repository.

       PAM_USER_UNKNOWN        PAM_USER is not set, or the user is unknown.

       PAM_AUTH_ERR	       No secret keys were set. PAM_AUTHTOK is not set, no credentials are present or there is a wrong password.

       PAM_BUF_ERR	       Module ran out of memory.

       PAM_SYSTEM_ERR	       The NIS+ subsystem failed .

       The authentication token management returns the following error codes:

       PAM_SUCCESS	       Old rpc password is set in SUNW_OLDRPCPASS

       PAM_USER_UNKNOWN        User in PAM_USER is unknown.

       PAM_AUTHTOK_ERR	       User did not provide a password that decrypts the secret keys.

       PAM_BUF_ERR	       Module ran out of memory.


ATTRIBUTES

       See attributes(5) for descriptions of the following attributes:

       +-----------------------------+-----------------------------+
       |      ATTRIBUTE TYPE	     |	    ATTRIBUTE VALUE	   |
       +-----------------------------+-----------------------------+
       |Interface Stability	     |Evolving			   |
       +-----------------------------+-----------------------------+
       |MT Level		     |MT-Safe with exceptions	   |
       +-----------------------------+-----------------------------+


SEE ALSO

       keylogin(1),    keylogout(1),	pam(3PAM),    pam_authenticate(3PAM),	 pam_chauthtok(3PAM),	 pam_setcred(3PAM),    pam_get_item(3PAM),
       pam_set_data(3PAM),  pam_get_data(3PAM),  syslog(3C),  libpam(3LIB),  pam.conf(4), attributes(5), pam_authtok_check(5), pam_authtok_get(5),
       pam_authtok_store(5), pam_passwd_auth(5), pam_unix_account(5), pam_unix_auth(5), pam_unix_session(5)


NOTES

       The interfaces in libpam(3LIB) are MT-Safe only if each thread within the multi-threaded application uses its own PAM handle.

       The pam_unix(5) module is no longer supported. Similar functionality is provided  by  pam_authtok_check(5),  pam_authtok_get(5),  pam_auth-
       tok_store(5), pam_dhkeys(5), pam_passwd_auth(5), pam_unix_account(5), pam_unix_auth(5), and pam_unix_session(5).

SunOS 5.10							    21 Jan 2003 						     pam_dhkeys(5)
Related Man Pages
pam_dhkeys(5) - opensolaris
pam_dhkeys(5) - sunos
pam_dhkeys(5) - suse
pam_dhkeys(5) - opendarwin
pam_dhkeys(5) - minix
Similar Topics in the Unix Linux Community
Secure Portal 1.0.0 (Default branch)
Secure Portal 1.2.0 (Default branch)
Secure Portal 1.2.2 (Default branch)
Secure Portal 1.2.3 (Default branch)
Secure Portal 3.0.0 (Default branch)