pam_tty_tickets(7)
Standards, Environments, Macros, Character Sets, and miscellany
NAME
pam_tty_tickets - PAM authentication module
SYNOPSIS
pam_tty_tickets.so.1 [timeout=minutes] [sudo-compat] [debug]
DESCRIPTION
The pam_tty_tickets module provides a mechanism for checking a ticket
that was created by a prior successful authentication. Tickets have a
default validity of 5 minutes.
The default ticket location includes both the source (PAM_AUSER) and
destination (PAM_USER) as well as the tty (PAM_TTY) for which it is
valid.
The module can be configured using the sudo-compat option to store the
tickets in the same location as sudo, though use of sudo is not
required to use this feature.
The pam_sm_setcred() function creates a ticket for the user in the
tickets directory.
The pam_sm_authenticate() function checks that the timestamp on the
ticket is no older than the timeout value. If it is not, the function
returns PAM_SUCCESS. If it is older, the ticket is removed and the
module returns PAM_IGNORE.
This module is intended to be placed in the auth stack with the
sufficient control flag.
No messages are produced by this module using the PAM conversation
function. Some messages are sent to syslog for error conditions, as
well as messages at LOG_INFO for ticket validity checking.
The following options can be passed to the module:
debug Debugging information is sent to syslog
LOG_AUTH|LOG_DEBUG.
sudo-compat Location of the per user (per tty) tickets, matches the
sudo location. When this option is set PAM_USER must be
root otherwise the module returns PAM_IGNORE and tickets
are not read or created.
timeout Validity time in minutes for a ticket. The default is 5
minutes.
EXAMPLES
Example 1 Using the Default Settings
The following is an excerpt of a sample pam.conf configuration file
that has per tty tickets with the default time out (5 minutes) for
users authenticating with su(8):
su auth required pam_unix_cred.so.1
su auth sufficient pam_tty_tickets.so.1
su auth requisite pam_authtok_get.so.1
su auth required pam_unix_auth.so.1
Example 2 Changing the Default Settings
The following example changes the defaults so that tickets are valid
for 10 minutes and uses the sudo location:
su auth required pam_unix_cred.so.1
su auth sufficient pam_tty_tickets.so.1 sudo-compat timeout=10
su auth requisite pam_authtok_get.so.1
su auth required pam_unix_auth.so.1
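Added example (not part of the Oracle man page and not Oracle code): a Python check that scans pam.conf text for pam_tty_tickets entries and reports any that sit outside the auth stack, lack the sufficient control flag, or carry options other than those in the SYNOPSIS. The MAX_TIMEOUT ceiling, the function name audit_pam_conf and the sample file are assumptions constructed for illustration.

```python
# Added example: audit pam.conf entries for pam_tty_tickets (not Oracle code).
FLAG_OPTIONS = {"sudo-compat", "debug"}  # from the SYNOPSIS; timeout=minutes handled below
MAX_TIMEOUT = 15  # assumption: site policy ceiling in minutes, not from the man page

def audit_pam_conf(text, max_timeout=MAX_TIMEOUT):
    """Return (line_number, message) findings for pam_tty_tickets lines."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 4:
            continue  # blank, comment-only, or not a full pam.conf entry
        service, mod_type, control, module, *options = fields
        if not module.rsplit("/", 1)[-1].startswith("pam_tty_tickets.so"):
            continue
        if mod_type != "auth":
            findings.append((lineno, f"{service}: in '{mod_type}' stack, expected auth"))
        if control != "sufficient":
            findings.append((lineno, f"{service}: control flag '{control}', expected sufficient"))
        for opt in options:
            if opt in FLAG_OPTIONS:
                continue
            name, sep, value = opt.partition("=")
            if name != "timeout" or not sep:
                findings.append((lineno, f"{service}: unknown option '{opt}'"))
            elif not value.isdecimal():
                findings.append((lineno, f"{service}: timeout '{value}' is not whole minutes"))
            elif int(value) > max_timeout:
                findings.append((lineno, f"{service}: timeout {value} exceeds {max_timeout} minutes"))
    return findings

# Constructed sample input: Example 2 above plus three deliberately wrong lines.
SAMPLE = """\
su auth required pam_unix_cred.so.1
su auth sufficient pam_tty_tickets.so.1 sudo-compat timeout=10
su auth requisite pam_authtok_get.so.1
su auth required pam_unix_auth.so.1
login auth required pam_tty_tickets.so.1            # wrong control flag
cron account sufficient pam_tty_tickets.so.1 debug  # wrong stack
other auth sufficient pam_tty_tickets.so.1 timeout=480 ttl=5
"""

if __name__ == "__main__":
    for lineno, message in audit_pam_conf(SAMPLE):
        print(f"pam.conf:{lineno}: {message}")
```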
ERRORS
PAM_SUCCESS Ticket is valid
PAM_IGNORE All other cases
FILES
/system/volatile/tty_tickets/<PAM_AUSER>/<PAM_USER>/<PAM_TTY>
Default ticket location.
/system/volatile/sudo/<PAM_AUSER>/<PAM_TTY>
When sudo-compat is set, this file has the same format as those
created by sudo.
ATTRIBUTES
See attributes(7) for descriptions of the following attributes:
ATTRIBUTE TYPE          ATTRIBUTE VALUE
Interface Stability     See below.
The syslog messages are Volatile. The module name, module options, and
ticket locations are Committed.
SEE ALSO
pam(3PAM), pam_sm_authenticate(3PAM), pam_sm_setcred(3PAM),
attributes(7), su(8), sudo(8)
Oracle Solaris 11.4 6 Feb 2020 pam_tty_tickets(7)