x11r4 man page for pam_dhkeys

Query: pam_dhkeys

OS: x11r4

Section: 5

Links: x11r4 man pages   all man pages

Forums: unix linux community   forum categories

Format: Original Unix Latex Style Formatted with HTML and a Horizontal Scroll Bar

pam_dhkeys(5)						Standards, Environments, and Macros					     pam_dhkeys(5)


NAME

       pam_dhkeys - authentication Diffie-Hellman keys management module


SYNOPSIS

       pam_dhkeys.so.1


DESCRIPTION

       The  pam_dhkeys.so.1  service  module  provides	functionality to two PAM services: Secure RPC authentication and Secure RPC authentication
       token management.

       Secure RPC authentication differs from regular unix authentication because NIS+ and other ONC RPCs use Secure RPC as the  underlying  secu-
       rity mechanism.

       The following options may be passed to the module:

       debug	       syslog(3C) debugging information at LOG_DEBUG level

       nowarn	       Turn off warning messages

   Authentication Services
       If  the	user  has Diffie-Hellman keys, pam_sm_authenticate() establishes secret keys for the user specified by the PAM_USER (equivalent to
       running keylogin(1)), using the authentication token found in the PAM_AUTHTOK item. Not being able to establish the secret keys results	in
       an  authentication  error if the NIS+ repository is used to authenticate the user and the NIS+ table permissions require secure RPC creden-
       tials to access the password field. If pam_sm_setcred() is called with PAM_ESTABLISH_CRED and the user's secure RPC credentials need to	be
       established, these credentials are set. This is equivalent to running keylogin(1).

       If  the	credentials  could  not be set and PAM_SILENT is not specified, a diagnostic message is displayed. If pam_setcred() is called with
       PAM_DELETE_CRED, the user's secure RPC credentials are unset. This is equivalent to running keylogout(1).

       PAM_REINITIALIZE_CRED and PAM_REFRESH_CRED are not supported and return PAM_IGNORE.

   Authentication Token Management
       The pam_sm_chauthtok() implementation checks whether the old login password decrypts the users secret  keys.  If  it  doesn't  this  module
       prompts the user for an old Secure RPC password and stores it in a pam data item called SUNW_OLDRPCPASS.  This data item can be used by the
       store module to effectively update the users secret keys.


ERRORS

       The authentication service returns the following error codes:

       PAM_SUCCESS	       Credentials set successfully.

       PAM_IGNORE	       Credentials not needed to access the password repository.

       PAM_USER_UNKNOWN        PAM_USER is not set, or the user is unknown.

       PAM_AUTH_ERR	       No secret keys were set. PAM_AUTHTOK is not set, no credentials are present or there is a wrong password.

       PAM_BUF_ERR	       Module ran out of memory.

       PAM_SYSTEM_ERR	       The NIS+ subsystem failed .

       The authentication token management returns the following error codes:

       PAM_SUCCESS	       Old rpc password is set in SUNW_OLDRPCPASS

       PAM_USER_UNKNOWN        User in PAM_USER is unknown.

       PAM_AUTHTOK_ERR	       User did not provide a password that decrypts the secret keys.

       PAM_BUF_ERR	       Module ran out of memory.


ATTRIBUTES

       See attributes(5) for descriptions of the following attributes:

       +-----------------------------+-----------------------------+
       |      ATTRIBUTE TYPE	     |	    ATTRIBUTE VALUE	   |
       +-----------------------------+-----------------------------+
       |Interface Stability	     |Evolving			   |
       +-----------------------------+-----------------------------+
       |MT Level		     |MT-Safe with exceptions	   |
       +-----------------------------+-----------------------------+


SEE ALSO

       keylogin(1),    keylogout(1),	pam(3PAM),    pam_authenticate(3PAM),	 pam_chauthtok(3PAM),	 pam_setcred(3PAM),    pam_get_item(3PAM),
       pam_set_data(3PAM),  pam_get_data(3PAM),  syslog(3C),  libpam(3LIB),  pam.conf(4), attributes(5), pam_authtok_check(5), pam_authtok_get(5),
       pam_authtok_store(5), pam_passwd_auth(5), pam_unix_account(5), pam_unix_auth(5), pam_unix_session(5)


NOTES

       The interfaces in libpam(3LIB) are MT-Safe only if each thread within the multi-threaded application uses its own PAM handle.

       The pam_unix(5) module is no longer supported. Similar functionality is provided  by  pam_authtok_check(5),  pam_authtok_get(5),  pam_auth-
       tok_store(5), pam_dhkeys(5), pam_passwd_auth(5), pam_unix_account(5), pam_unix_auth(5), and pam_unix_session(5).

SunOS 5.10							    21 Jan 2003 						     pam_dhkeys(5)
Related Man Pages
pam_dhkeys(5) - opensolaris
pam_dhkeys(5) - opendarwin
pam_dhkeys(5) - php
pam_dhkeys(5) - posix
pam_dhkeys(5) - x11r4
Similar Topics in the Unix Linux Community
Secure Portal 1.0.0 (Default branch)
Secure Portal 1.2.0 (Default branch)