pam_tty_tickets(7) man page - WindyHana's Solanara


Standards, Environments, Macros, Character Sets, and miscellany
                                                            pam_tty_tickets(7)



NAME
       pam_tty_tickets - PAM authentication module

SYNOPSIS
       pam_tty_tickets.so.1 [timeout=minutes] [sudo-compat] [debug]

DESCRIPTION
       The  pam_tty_tickets  module provides a mechanism for checking a ticket
       that was created by a prior successful authentication. Tickets  have  a
       default validity of 5 minutes.


       The  default  ticket  location includes both the source (PAM_AUSER) and
       destination (PAM_USER) as well as the tty (PAM_TTY)  for  which  it  is
       valid.


       The  module can be configured using the sudo-compat option to store the
       tickets in the same location  as  sudo,  though  use  of  sudo  is  not
       required to use this feature.


       The  pam_sm_setcred()  function  creates  a  ticket for the user in the
       tickets directory.


       The  pam_sm_authenticate()  function  checks that the timestamp on  the
       ticket is no older than the  timeout  value;  if  so,  it  returns
       PAM_SUCCESS.  If it is older, the ticket is removed and the module
       returns PAM_IGNORE.


       This  module is intended to be placed in the auth stack with the
       sufficient control flag.


       No messages are produced by this  module  using  the  PAM  conversation
       function.  Some  messages are sent to syslog for error conditions, as
       well as messages at LOG_INFO for ticket validity checking.


       The following options can be passed to the module:

       debug          Debugging    information    is    sent     to     syslog
                      LOG_AUTH|LOG_DEBUG.


       sudo-compat    The location of the per-user (per-tty)  tickets  matches
                      the sudo location. When this option is set, PAM_USER must
                      be root; otherwise the module returns PAM_IGNORE and
                      tickets are not read or created.


       timeout        Validity time in minutes for a ticket. The default is  5
                      minutes.


EXAMPLES
       Example 1 Using the Default Settings



       The  following  is  an  excerpt of a sample pam.conf configuration file
       that has per tty tickets with the default  time  out  (5  minutes)  for
       users authenticating with su(8):




         su auth required    pam_unix_cred.so.1
         su auth sufficient  pam_tty_tickets.so.1
         su auth requisite   pam_authtok_get.so.1
         su auth required    pam_unix_auth.so.1




       Example 2 Changing the Default Settings



       The  following  example  changes the defaults so that tickets are valid
       for 10 minutes and uses the sudo location:




         su auth required    pam_unix_cred.so.1
         su auth sufficient  pam_tty_tickets.so.1 sudo-compat timeout=10
         su auth requisite   pam_authtok_get.so.1
         su auth required    pam_unix_auth.so.1
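
       The following is an added example, not part of the original man page
       or of Oracle's code: a small auditor that checks pam.conf text for
       pam_tty_tickets entries against the placement and options described
       above. It assumes the legacy five-field pam.conf layout used in these
       examples; max_timeout is a hypothetical local policy limit.

```python
# Added example: audit pam.conf text for pam_tty_tickets entries.
MODULE = "pam_tty_tickets.so.1"
DEFAULT_TIMEOUT = 5                      # minutes, per the man page
KNOWN_FLAGS = {"sudo-compat", "debug"}   # options that take no value


def audit_pam_conf(text, max_timeout=DEFAULT_TIMEOUT):
    """Return (lineno, service, timeout, issues) for each pam_tty_tickets line.

    max_timeout is a hypothetical local policy limit, not a module option.
    """
    results = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        # pam.conf layout: service type control module [options...]
        if len(fields) < 4 or fields[3].rsplit("/", 1)[-1] != MODULE:
            continue
        service, mtype, control, _, *opts = fields
        issues, timeout = [], DEFAULT_TIMEOUT
        if mtype != "auth":
            issues.append("module is meant for the auth stack, found %r" % mtype)
        if control != "sufficient":
            issues.append("control flag should be 'sufficient', found %r" % control)
        for opt in opts:
            name, sep, value = opt.partition("=")
            if name == "timeout" and sep:
                if value.isdecimal():
                    timeout = int(value)
                else:
                    issues.append("timeout is not a whole number of minutes: %r" % value)
            elif opt not in KNOWN_FLAGS:
                issues.append("unrecognised option %r" % opt)
        if timeout > max_timeout:
            issues.append("tickets valid for %d min, policy limit is %d" % (timeout, max_timeout))
        results.append((lineno, service, timeout, issues))
    return results


# Constructed sample input, modelled on the EXAMPLES section.
SAMPLE = """\
su    auth required    pam_unix_cred.so.1
su    auth sufficient  pam_tty_tickets.so.1 sudo-compat timeout=10
su    auth requisite   pam_authtok_get.so.1
login auth required    pam_tty_tickets.so.1 timeout=ten   # constructed mistake
"""

if __name__ == "__main__":
    for lineno, service, timeout, issues in audit_pam_conf(SAMPLE):
        print("line %d (%s): timeout=%d min; %s" % (lineno, service, timeout, "; ".join(issues) or "ok"))
```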




ERRORS
       PAM_SUCCESS    Ticket is valid


       PAM_IGNORE     All other cases


FILES
       /system/volatile/tty_tickets/<PAM_AUSER>/<PAM_USER>/<PAM_TTY>

           Default ticket location.


       /system/volatile/sudo/<PAM_AUSER>/<PAM_TTY>

           When sudo-compat is set, this file has the same format as those
           created by sudo.


ATTRIBUTES
       See attributes(7) for descriptions of the following attributes:


       ATTRIBUTE TYPE          ATTRIBUTE VALUE
       Interface Stability     See below.



       The syslog messages are Volatile. The module name, module options,  and
       ticket locations are Committed.

SEE ALSO
       pam(3PAM),       pam_sm_authenticate(3PAM),       pam_sm_setcred(3PAM),
       attributes(7), su(8), sudo(8)



Oracle Solaris 11.4               6 Feb 2020                pam_tty_tickets(7)
Copyright of the man page content belongs to the man page's author.