Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

pam_unix_cred(5) [v7 man page]

pam_unix_cred(5)					Standards, Environments, and Macros					  pam_unix_cred(5)

NAME
pam_unix_cred - PAM user credential authentication module for UNIX SYNOPSIS
pam_unix_cred.so.1 DESCRIPTION
The pam_unix_cred module implements pam_sm_setcred(3PAM). It provides functions that establish user credential information. It is a module separate from the pam_unix_auth(5) module to allow replacement of the authentication functionality independently from the credential func- tionality. The pam_unix_cred module must always be stacked along with whatever authentication module is used to ensure correct credential setting. Authentication service modules must implement both pam_sm_authenticate() and pam_sm_setcred(). pam_sm_authenticate() in this module always returns PAM_IGNORE. pam_sm_setcred() initializes the user's project, privilege sets and initializes or updates the user's audit context if it hasn't already been initialized. The following flags may be set in the flags field: PAM_ESTABLISH_CRED Initializes the user's project to the project specified in PAM_RESOURCE, or if PAM_RESOURCE is not specified, to PAM_REFRESH_CRED the user's default project. Establishes the user's privilege sets. PAM_REINITIALIZE_CRED If the audit context is not already initialized and auditing is configured, these flags cause the context to be initialized to that of the user specified in PAM_USER and host specified in PAM_RHOST. If PAM_RHOST is not speci- fied, the local host is used. Additionally, if the audit context is already initialized, the PAM_REINITIALIZE_CRED flag merges the current audit context with that of the user specified in PAM_USER. PAM_REINITIALIZE_CRED is useful when a user is assuming a new identity, as with su(1M). PAM_DELETE_CRED This flag has no effect and always returns PAM_SUCCESS. The following options are interpreted: debug Provides syslog(3C) debugging information at the LOG_DEBUG level. nowarn Disables any warning messages. ERRORS
Upon successful completion of pam_sm_setcred(), PAM_SUCCESS is returned. The following error codes are returned upon error: PAM_CRED_UNAVAIL Underlying authentication service cannot retrieve user credentials PAM_CRED_EXPIRED User credentials have expired PAM_USER_UNKNOWN User is unknown to the authentication service PAM_CRED_ERR Failure in setting user credentials PAM_BUF_ERR Memory buffer error PAM_SYSTEM_ERR System error The following values are returned from pam_sm_authenticate(): PAM_IGNORE Ignores this module regardless of the control flag ATTRIBUTES
See attributes(5) for descriptions of the following attributes: +-----------------------------+-----------------------------+ | ATTRIBUTE TYPE | ATTRIBUTE VALUE | +-----------------------------+-----------------------------+ |Interface Stability |Evolving | +-----------------------------+-----------------------------+ |MT Level |MT-Safe with exceptions | +-----------------------------+-----------------------------+ SEE ALSO
su(1M), settaskid(2), libpam(3LIB), getprojent(3PROJECT), pam(3PAM), pam_set_item(3PAM), pam_sm_authenticate(3PAM), syslog(3C), setpro- ject(3PROJECT),pam.conf(4), nsswitch.conf(4), project(4), attributes(5), pam_authtok_check(5), pam_authtok_get(5), pam_authtok_store(5), pam_dhkeys(5), pam_passwd_auth(5), pam_unix_auth(5), pam_unix_account(5), pam_unix_session(5), privileges(5) NOTES
The interfaces in libpam(3LIB) are MT-Safe only if each thread within the multi-threaded application uses its own PAM handle. If this module is replaced, the audit context and credential may not be correctly configured. SunOS 5.10 29 Jul 2004 pam_unix_cred(5)
Man Page