Standards, Environments, and Macros pam_dhkeys(5)
NAME
pam_dhkeys - authentication Diffie-Hellman keys management module
SYNOPSIS
pam_dhkeys.so.1
DESCRIPTION
The pam_dhkeys.so.1 service module provides functionality to
two PAM services: Secure RPC authentication and Secure RPC
authentication token management.
Secure RPC authentication differs from regular unix
authentication because NIS+ and other ONC RPCs use Secure RPC as
the underlying security mechanism.
The following options may be passed to the module:
debug     syslog(3C) debugging information at LOG_DEBUG level
nowarn    Turn off warning messages
Authentication Services
If the user has Diffie-Hellman keys, pam_sm_authenticate()
establishes secret keys for the user specified by PAM_USER
(equivalent to running keylogin(1)), using the
authentication token found in the PAM_AUTHTOK item. Failure
to establish the secret keys results in an
authentication error if the NIS+ repository is used to
authenticate the user and the NIS+ table permissions require
secure RPC credentials to access the password field. If
pam_sm_setcred() is called with PAM_ESTABLISH_CRED and the
user's secure RPC credentials need to be established, these
credentials are set. This is equivalent to running
keylogin(1).
If the credentials could not be set and PAM_SILENT is not
specified, a diagnostic message is displayed. If
pam_setcred() is called with PAM_DELETE_CRED, the user's
secure RPC credentials are unset. This is equivalent to
running keylogout(1).
PAM_REINITIALIZE_CRED and PAM_REFRESH_CRED are not supported
and return PAM_IGNORE.
Authentication Token Management
SunOS 5.10 Last change: 21 Jan 2003 1
The pam_sm_chauthtok() implementation checks whether the old
login password decrypts the user's secret keys. If it doesn't,
this module prompts the user for an old Secure RPC password
and stores it in a PAM data item called SUNW_OLDRPCPASS.
This data item can be used by the store module to
effectively update the user's secret keys.
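The two services above imply an ordering within each pam.conf(4) stack: the auth side reads PAM_AUTHTOK, and the password side must set SUNW_OLDRPCPASS before the store module runs. The following check is an added example, not part of the original manual page or of Solaris. It assumes that pam_authtok_get.so.1 is the module that sets PAM_AUTHTOK and that pam_authtok_store.so.1 is the store module; the configuration text and the rlogin and passwd entries are constructed.

```python
# Added example: audit pam.conf(4) stack order around pam_dhkeys.so.1.
# Assumptions (not stated on the man page): pam_authtok_get.so.1 sets PAM_AUTHTOK,
# pam_authtok_store.so.1 is the "store module" that reads SUNW_OLDRPCPASS, and
# lines use the legacy layout "service type control module [options]".
import os

DHKEYS = "pam_dhkeys.so.1"

# Constructed sample; the rlogin and passwd stacks are deliberately misordered.
SAMPLE_PAM_CONF = """\
login   auth      requisite  pam_authtok_get.so.1
login   auth      required   pam_dhkeys.so.1 debug
login   auth      required   pam_unix_auth.so.1
rlogin  auth      required   pam_dhkeys.so.1
rlogin  auth      requisite  pam_authtok_get.so.1
other   password  required   pam_dhkeys.so.1 nowarn
other   password  requisite  pam_authtok_get.so.1
other   password  required   pam_authtok_store.so.1
passwd  password  required   pam_authtok_store.so.1
passwd  password  required   pam_dhkeys.so.1
"""

def parse_stacks(text):
    """Return {(service, module_type): [module basename, ...]} in file order."""
    stacks = {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 4:
            continue  # blank, comment-only, or malformed line
        service, mtype, _control, path = fields[:4]
        stacks.setdefault((service, mtype), []).append(os.path.basename(path))
    return stacks

def audit_dhkeys_order(text):
    """Flag stacks where pam_dhkeys runs before its input exists, or too late."""
    findings = []
    for (service, mtype), mods in sorted(parse_stacks(text).items()):
        if DHKEYS not in mods:
            continue
        before = mods[:mods.index(DHKEYS)]
        if mtype == "auth" and "pam_authtok_get.so.1" not in before:
            findings.append((service, mtype, "no PAM_AUTHTOK source before pam_dhkeys"))
        if mtype == "password" and "pam_authtok_store.so.1" in before:
            findings.append((service, mtype, "store module runs before pam_dhkeys"))
    return findings

if __name__ == "__main__":
    for service, mtype, problem in audit_dhkeys_order(SAMPLE_PAM_CONF):
        print(f"{service}/{mtype}: {problem}")
```

A finding on an auth stack is a heuristic only: an application may set PAM_AUTHTOK itself before the stack runs.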
ERRORS
The authentication service returns the following error
codes:
PAM_SUCCESS        Credentials set successfully.
PAM_IGNORE         Credentials not needed to access the
                   password repository.
PAM_USER_UNKNOWN   PAM_USER is not set, or the user is
                   unknown.
PAM_AUTH_ERR       No secret keys were set. PAM_AUTHTOK
                   is not set, no credentials are
                   present or there is a wrong password.
PAM_BUF_ERR        Module ran out of memory.
PAM_SYSTEM_ERR     The NIS+ subsystem failed.
The authentication token management returns the following
error codes:
PAM_SUCCESS        Old rpc password is set in
                   SUNW_OLDRPCPASS
PAM_USER_UNKNOWN   User in PAM_USER is unknown.
PAM_AUTHTOK_ERR    User did not provide a password that
                   decrypts the secret keys.
PAM_BUF_ERR        Module ran out of memory.
ATTRIBUTES
See attributes(5) for descriptions of the following
attributes:
 ___________________________________________________________
|       ATTRIBUTE TYPE        |       ATTRIBUTE VALUE       |
|_____________________________|_____________________________|
| Interface Stability         | Evolving                    |
|_____________________________|_____________________________|
| MT Level                    | MT-Safe with exceptions     |
|_____________________________|_____________________________|
SEE ALSO
keylogin(1), keylogout(1), pam(3PAM),
pam_authenticate(3PAM), pam_chauthtok(3PAM),
pam_setcred(3PAM), pam_get_item(3PAM), pam_set_data(3PAM),
pam_get_data(3PAM), syslog(3C), libpam(3LIB), pam.conf(4),
attributes(5), pam_authtok_check(5), pam_authtok_get(5),
pam_authtok_store(5), pam_passwd_auth(5),
pam_unix_account(5), pam_unix_auth(5), pam_unix_session(5)
NOTES
The interfaces in libpam(3LIB) are MT-Safe only if each
thread within the multi-threaded application uses its own
PAM handle.
The pam_unix(5) module is no longer supported. Similar
functionality is provided by pam_authtok_check(5),
pam_authtok_get(5), pam_authtok_store(5), pam_dhkeys(5),
pam_passwd_auth(5), pam_unix_account(5), pam_unix_auth(5),
and pam_unix_session(5).