Man page or keyword search:   man All Sections 1 - General Commands 2 - System Calls 3 - Subroutines, Functions 4 - Special Files 5 - File Formats 6 - Games and Screensavers 7 - Macros and Conventions 8 - Maintenence Commands 9 - Kernel Interface New Commands Server 4.4BSD AIX Alpinelinux Archlinux Aros BSDOS BSDi Bifrost CentOS Cygwin Darwin Debian DigitalUNIX DragonFly ElementaryOS Fedora FreeBSD Gentoo GhostBSD HP-UX Haiku Hurd IRIX Inferno JazzOS Kali Knoppix LinuxMint MacOSX Mageia Mandriva Manjaro Minix MirBSD NeXTSTEP NetBSD OPENSTEP OSF1 OpenBSD OpenDarwin OpenIndiana OpenMandriva OpenServer OpenSuSE OpenVMS Oracle PC-BSD Peanut Pidora Plan9 QNX Raspbian RedHat Scientific Slackware SmartOS Solaris SuSE SunOS Syllable Tru64 UNIXv7 Ubuntu Ultrix UnixWare Xenix YellowDog aLinux   16655 pages apropos Keyword Search (all sections) Output format html ascii pdf view pdf save postscript

PAM_SAMPLE(5)							 PAM_SAMPLE(5)

NAME
       pam_sample - a sample PAM module

SYNOPSIS
       /usr/lib/security/pam_sample.so.1

DESCRIPTION
       The  SAMPLE  service  module  for  PAM is divided into four components:
       authentication, account management, password  management,  and  session
       management.  The	 sample	 module is a shared object that is dynamically
       loaded to provide the necessary functionality.

SAMPLE AUTHENTICATION COMPONENT
       The SAMPLE authentication module provides functions  to	test  the  PAM
       framework  functionality	 using the pam_sm_authenticate(3PAM) call. The
       SAMPLE module implementation of the pam_sm_authenticate(3PAM)  function
       compares	 the  user  entered  password  with  the  password  set in the
       pam.conf(4) file, or the string "test" if a default test	 password  has
       not  been  set.	The  following	options can be passed in to the SAMPLE
       Authentication module:

       debug
			   Syslog  debugging  information  at  the   LOG_DEBUG
			   level.

       pass=newone
			   Sets the password to be "newone".

       first_pass_good
			   The	first  password	 is always good when used with
			   the use_first_pass or try_first_pass option.

       first_pass_bad
			   The first password is always bad when used with the
			   use_first_pass or try_first_pass option.

       always_fail
			   Always returns PAM_AUTH_ERR.

       always_succeed
			   Always returns PAM_SUCCESS.

       always_ignore
			   Always returns PAM_IGNORE.

       use_first_pass
			   Use	the  user's initial password (entered when the
			   user is authenticated to the	 first	authentication
			   module  in the stack) to authenticate with the SAM‐
			   PLE module. If the passwords do not	match,	or  if
			   this	 is  the  first	 authentication	 module in the
			   stack, quit and do not prompt the user for a	 pass‐
			   word.  It  is  recommended that this option only be
			   used if the SAMPLE authentication module is	desig‐
			   nated  as  optional	in  the pam.conf configuration
			   file.

       try_first_pass
			   Use the user's initial password (entered  when  the
			   user	 is  authenticated to the first authentication
			   module in the stack) to authenticate with the  SAM‐
			   PLE	module.	 If  the passwords do not match, or if
			   this is the	first  authentication  module  in  the
			   stack, prompt the user for a password.

			   The	SAMPLE	module	pam_sm_setcred(3PAM)  function
			   always returns PAM_SUCCESS.

SAMPLE ACCOUNT MANAGEMENT COMPONENT
       The SAMPLE Account Management Component implements a simple access con‐
       trol  scheme  that limits machine access to a list of authorized users.
       The list of authorized users is supplied as  option  arguments  to  the
       entry  for  the	SAMPLE	account	 management PAM module in the pam.conf
       file. Note that the module always permits  access  to  the  root	 super
       user.

       The  option  field  syntax  to  limit  access  is  shown	 below: allow=
       name[,name] allow= name [allow=name]

       The example pam.conf show below permits only larry to  login  directly.
       rlogin is allowed only for don and larry. Once a user is logged in, the
       user can use su if the user are sam or eric.

       login	 account   require   pam_sample.so.1   allow=larry
       dtlogin	 account   require   pam_sample.so.1   allow=larry
       rlogin	 account   require   pam_sample.so.1   allow=don allow=larry
       su	 account   require   pam_sample.so.1   allow=sam,eric

       The debug and nowarn options are also supported.

SAMPLE PASSWORD MANAGEMENT COMPONENT
       The SAMPLE Password  Management	Component  function  (	pam_sm_chauth‐
       tok(3PAM)), always returns PAM_SUCCESS.

SAMPLE SESSION MANAGEMENT COMPONENT
       The  SAMPLE  Session  Management Component functions ( pam_sm_open_ses‐
       sion(3PAM), pam_sm_close_session(3PAM)) always return PAM_SUCCESS.

ATTRIBUTES
       See attributes(5) for description of the following attributes:

       ┌───────────────┬─────────────────────────┐
       │ATTRIBUTE TYPE │     ATTRIBUTE VALUE	 │
       ├───────────────┼─────────────────────────┤
       │MT Level       │ MT-Safe with exceptions │
       └───────────────┴─────────────────────────┘

SEE ALSO
       pam(3PAM),      pam_sm_authenticate(3PAM),      pam_sm_chauthtok(3PAM),
       pam_sm_close_session(3PAM),    pam_sm_open_session(3PAM),   pam_sm_set‐
       cred(3PAM), libpam(3LIB), pam.conf(4), attributes(5)

WARNINGS
       This module should never be used outside of a closed debug environment.
       The examples of the use_first_pass and try_first_pass options are obso‐
       lete for all other Solaris delivered PAM service modules

NOTES
       The interfaces in libpam() are MT-Safe only if each thread  within  the
       multi-threaded application uses its own PAM handle.

				  Apr 4, 2007			 PAM_SAMPLE(5)

Vote for polarhome