|
Hopefully, this page is exactly what you are looking for, but if not, you can always find further assistance on Unix/Linux Forum!
Standards, Environments, and Macros pam_unix_auth(5)
NAME
pam_unix_auth - PAM authentication module for UNIX
SYNOPSIS
pam_unix_auth.so.1
DESCRIPTION
The pam_unix_auth module implements pam_sm_authenticate(),
which provides functionality to the PAM authentication
stack. It provides functions to verify that the password
contained in the PAM item PAM_AUTHTOK is the correct pass-
word for the user specified in the item PAM_USER. If
PAM_REPOSITORY is specified, then user's passwd is fetched
from that repository. Otherwise, the default
nsswitch.conf(4) repository is searched for that user. For
accounts in the name services which support automatic
account locking, the account may be configured to be
automatically locked (see user_attr(4) and policy.conf(4))
after multiple failed login attempts. If the number of suc-
cessive failures equals or exceeds RETRIES, the account is
locked and PAM_MAXTRIES is returned. Currently, only the
"files" repository (see passwd(4) and shadow(4)) supports
automatic account locking. A successful authentication by
this module clears the failed login counter and reports the
number of failed attempts since the last successful authen-
tication.
Authentication service modules must implement both
pam_sm_authenticate() and pam_sm_setcred(). To allow repla-
cability of the authentication portion of UNIX authentica-
tion, pam_sm_setcred() in this module always returns
PAM_IGNORE. This module should be stacked with
pam_unix_cred(5) to ensure a successful return from
pam_setcred(3PAM).
The following options can be passed to the module:
nowarn Turn off warning messages.
server_policy If the account authority for the user, as
specified by PAM_USER, is a server, do not
apply the Unix policy from the passwd entry
in the name service switch.
nolock Regardless of the automatic account locking
setting for the account, do not lock the
account, increment or clear the failed login
count. The nolock option allows for
SunOS 5.10 Last change: 2 Aug 2004 1
Standards, Environments, and Macros pam_unix_auth(5)
exempting account locking on a per service
basis.
ERRORS
The following error codes are returned from
pam_sm_authenticate():
PAM_AUTH_ERR
Authentication failure.
PAM_BUF_ERR
Memory buffer error.
PAM_IGNORE
Ignores module, not participating in result.
PAM_MAXTRIES
Maximum number of retries exceeded.
PAM_PERM_DENIED
Permission denied.
PAM_SUCCESS
Successfully obtains authentication token.
PAM_SYSTEM_ERR
System error.
SunOS 5.10 Last change: 2 Aug 2004 2
Standards, Environments, and Macros pam_unix_auth(5)
PAM_USER_UNKNOWN
No account present for user.
The following error codes are returned from
pam_sm_setcred():
PAM_IGNORE
Ignores this module regardless of the control flag.
ATTRIBUTES
See attributes(5) for descriptions of the following attri-
butes:
____________________________________________________________
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
|_____________________________|_____________________________|
| Interface Stability | Evolving |
|_____________________________|_____________________________|
| MT Level | MT-Safe with exceptions |
|_____________________________|_____________________________|
SEE ALSO
login(1), passwd(1), useradd(1M), usermod(1M), roleadd(1M),
rolemod(1M), libpam(3LIB), pam(3PAM),
pam_authenticate(3PAM), pam_setcred(3PAM), syslog(3C),
pam.conf(4), passwd(4), policy.conf(4), nsswitch.conf(4),
shadow(4), user_attr(4), attributes(5),
pam_authtok_check(5), pam_authtok_get(5),
pam_authtok_store(5), pam_dhkeys(5), pam_passwd_auth(5),
pam_unix_account(5), pam_unix_session(5)
NOTES
The interfaces in libpam(3LIB) are MT-Safe only if each
thread within the multi-threaded application uses its own
PAM handle.
The pam_unix(5) module is no longer supported. Similar func-
tionality is provided by pam_authtok_check(5),
pam_authtok_get(5), pam_authtok_store(5), pam_dhkeys(5),
pam_passwd_auth(5),pam_setcred(3PAM), pam_unix_account(5),
pam_unix_cred(5), pam_unix_session(5).
If the PAM_REPOSITORY item_type is set and a service module
does not recognize the type, the service module does not
process any information, and returns PAM_IGNORE. If the
SunOS 5.10 Last change: 2 Aug 2004 3
Standards, Environments, and Macros pam_unix_auth(5)
PAM_REPOSITORY item_type is not set, a service module per-
forms its default action.
SunOS 5.10 Last change: 2 Aug 2004 4
Man(1) output converted with
man2html and wrapped by fishsponge
This page was generated on Wed Sep 12 11:27:56 GMT 2007
|
Your favourite pages:
No pages logged yet.
Trying to save cookie... Top 10 most popular pages:
sqlite3 man page (5334 hits)
(openSUSE 10.2)
svn man page (5208 hits)
(FreeBSD 6.2)
adv_cap_autoneg man page (4870 hits)
(Solaris 10 11_06)
CPAN man page (4607 hits)
(Suse Linux 10.1)
ssh man page (4342 hits)
(Suse Linux 10.1)
ssh-socks5-proxy-connect man page (2876 hits)
(Solaris 10 11_06)
netcat man page (2717 hits)
(Suse Linux 10.1)
pprosetup man page (2487 hits)
(Solaris 10 11_06)
startproc man page (2471 hits)
(Suse Linux 10.1)
signal man page (2407 hits)
(Suse Linux 10.1)
|
Man Pages 
