pam_unix_cred man page on SmartOS

Man page or keyword search:  
man Server   16655 pages
apropos Keyword Search (all sections)
Output format
SmartOS logo
[printable version]

PAM_UNIX_CRED(5)					      PAM_UNIX_CRED(5)

NAME
       pam_unix_cred - PAM user credential authentication module for UNIX

SYNOPSIS
       pam_unix_cred.so.1

DESCRIPTION
       The  pam_unix_cred  module implements pam_sm_setcred(3PAM). It provides
       functions that establish user credential information. It	 is  a	module
       separate	 from  the pam_unix_auth(5) module to allow replacement of the
       authentication functionality independently from	the  credential	 func‐
       tionality.

       The  pam_unix_cred  module  must	 always be stacked along with whatever
       authentication module is used to ensure correct credential setting.

       Authentication service modules  must  implement	both  pam_sm_authenti‐
       cate() and pam_sm_setcred().

       pam_sm_authenticate() in this module always returns PAM_IGNORE.

       pam_sm_setcred()	 initializes  the  user's  project, privilege sets and
       initializes or updates the user's audit context if  it  hasn't  already
       been initialized. The following flags may be set in the flags field:

       PAM_ESTABLISH_CRED
       PAM_REFRESH_CRED
       PAM_REINITIALIZE_CRED

	   Initializes	 the  user's  project  to  the	project	 specified  in
	   PAM_RESOURCE, or if PAM_RESOURCE is not specified,  to  the	user's
	   default project.  Establishes the user's privilege sets.

	   If  the  audit  context  is not already initialized and auditing is
	   configured, these flags cause the context to be initialized to that
	   of  the  user  specified in PAM_AUSER (if any) merged with the user
	   specified in PAM_USER and host specified in PAM_RHOST. If PAM_RHOST
	   is  not  specified,	PAM_TTY	 specifies  the	 local	terminal name.
	   Attributing audit to PAM_AUSER and merging PAM_USER is required for
	   correctly  attributing  auditing when the system entry is performed
	   by another user that can be identified as trustworthy.

	   If the audit context is  already  initialized,  the	PAM_REINITIAL‐
	   IZE_CRED  flag  merges  the	current audit context with that of the
	   user specified in PAM_USER. PAM_REINITIALIZE_CRED is useful when  a
	   user is assuming a new identity, as with su(1M).

       PAM_DELETE_CRED

	   This flag has no effect and always returns PAM_SUCCESS.

       The following options are interpreted:

       debug
		 Provides  syslog(3C)  debugging  information at the LOG_DEBUG
		 level.

       nowarn
		 Disables any warning messages.

ERRORS
       Upon  successful	 completion  of	  pam_sm_setcred(),   PAM_SUCCESS   is
       returned. The following error codes are returned upon error:

       PAM_CRED_UNAVAIL
			   Underlying  authentication  service cannot retrieve
			   user credentials

       PAM_CRED_EXPIRED
			   User credentials have expired

       PAM_USER_UNKNOWN
			   User is unknown to the authentication service

       PAM_CRED_ERR
			   Failure in setting user credentials

       PAM_BUF_ERR
			   Memory buffer error

       PAM_SYSTEM_ERR
			   System error

       The following values are returned from pam_sm_authenticate():

       PAM_IGNORE
		     Ignores this module regardless of the control flag

ATTRIBUTES
       See attributes(5) for descriptions of the following attributes:

       ┌────────────────────┬─────────────────────────┐
       │  ATTRIBUTE TYPE    │	  ATTRIBUTE VALUE     │
       ├────────────────────┼─────────────────────────┤
       │Interface Stability │ Evolving		      │
       ├────────────────────┼─────────────────────────┤
       │MT Level	    │ MT-Safe with exceptions │
       └────────────────────┴─────────────────────────┘

SEE ALSO
       ssh(1),	su(1M),	 settaskid(2),	 libpam(3LIB),	 getprojent(3PROJECT),
       pam(3PAM),  pam_set_item(3PAM),	pam_sm_authenticate(3PAM), syslog(3C),
       setproject(3PROJECT),pam.conf(4),     nsswitch.conf(4),	   project(4),
       attributes(5),	pam_authtok_check(5),	pam_authtok_get(5),  pam_auth‐
       tok_store(5),  pam_dhkeys(5),   pam_passwd_auth(5),   pam_unix_auth(5),
       pam_unix_account(5), pam_unix_session(5), privileges(5)

NOTES
       The  interfaces	in libpam(3LIB) are MT-Safe only if each thread within
       the multi-threaded application uses its own PAM handle.

       If this module is replaced, the audit context and credential may not be
       correctly configured.

				  Mar 9, 2005		      PAM_UNIX_CRED(5)
[top]

List of man pages available for SmartOS

Copyright (c) for man pages and the logo by the respective OS vendor.

For those who want to learn more, the polarhome community provides shell access and support.

[legal] [privacy] [GNU] [policy] [cookies] [netiquette] [sponsors] [FAQ]
Tweet
Polarhome, production since 1999.
Member of Polarhome portal.
Based on Fawad Halim's script.
....................................................................
Vote for polarhome
Free Shell Accounts :: the biggest list on the net