pam_unix_auth(7) man page - WindyHana's Solanara

Standards, Environments, Macros, Character Sets, and miscellany
                                                              pam_unix_auth(7)



NAME
       pam_unix_auth - PAM authentication module for UNIX

SYNOPSIS
       pam_unix_auth.so.1

DESCRIPTION
       The  pam_unix_auth  module implements pam_sm_authenticate(), which pro‐
       vides functionality to the PAM authentication stack. It provides  func‐
       tions  that  use crypt(3C) to verify that the password contained in the
       PAM item PAM_AUTHTOK is the correct password for the user specified  in
       the item PAM_USER.


       If  PAM_AUSER  and  PAM_USER are both specified and PAM_USER is a role,
       the user_attr(5) keyword roleauth is checked to determine if the  pass‐
       word  that  is  checked is for the role (PAM_USER) or the assuming user
       (PAM_AUSER). If PAM_REPOSITORY is specified, the user's password is
       fetched  from  that repository. Otherwise, the default nsswitch.conf(5)
       repository is searched for that user.


       For accounts in the name services which support automatic account lock‐
       ing,  the  account  can  be  configured to be automatically locked (see
       user_attr(5) and policy.conf(5)) after multiple failed login  attempts.
       For  accounts that are configured for automatic locking, if authentica‐
       tion failure is to be returned, the failed login counter is incremented
       upon  each  failure.  If  the  number  of successive failures equals or
       exceeds the configured value, the account is locked and PAM_MAXTRIES is
       returned. The files (see passwd(5) and shadow(5)) and ldap (when
       configured with enableShadowUpdate true, see ldapclient(8)) repositories
       support  automatic account locking. A successful authentication by this
       module clears the failed login counter and reports the number of failed
       attempts  since  the last successful authentication. Accounts that have
       been locked may be configured to be automatically unlocked upon
       successful authentication by configuring an unlock time (see user_attr(5)
       and policy.conf(5)).


       Authentication service modules  must  implement  both  pam_sm_authenti‐
       cate()  and  pam_sm_setcred().  To  allow the authentication portion of
       UNIX authentication to be replaced,  pam_sm_setcred()  in  this  module
       always   returns   PAM_IGNORE.  This  module  should  be  stacked  with
       pam_unix_cred(7) to ensure a successful return from pam_setcred(3PAM).


       The following options can be passed to the module:

       nowarn

           Turn off warning messages.


       server_policy

           If the account authority for the user, as specified by PAM_USER, is
           a server, do not apply the UNIX policy from the passwd entry in the
           name service switch.


       nolock

           Regardless  of  the  automatic  account  locking  setting  for  the
           account,  do  not  lock  the account, increment or clear the failed
           login count. The nolock option allows for exempting account locking
           on a per service basis.
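
       An added example, not part of the original man page: a Python audit of
       pam.conf(5)-style text that flags services stacking pam_unix_auth
       without pam_unix_cred, and services that pass nolock and so bypass
       automatic account locking. The sample configuration, service names and
       finding labels are constructed; include directives and /etc/pam.d
       files are not resolved.

```python
from collections import defaultdict

# Constructed sample in pam.conf(5) layout:
#   service  module_type  control_flag  module_path  [options]
SAMPLE_PAM_CONF = """\
login   auth requisite   pam_authtok_get.so.1
login   auth required    pam_unix_auth.so.1
login   auth required    pam_unix_cred.so.1
cron    auth required    pam_unix_auth.so.1 nolock
cron    auth required    pam_unix_cred.so.1
backup  auth required    pam_unix_auth.so.1 nowarn   # no setcred provider
other   account required pam_unix_account.so.1
"""

AUTH_MODULE = "pam_unix_auth.so.1"
CRED_MODULE = "pam_unix_cred.so.1"


def parse_auth_stacks(text):
    """Return {service: [(control_flag, module_basename, options), ...]}."""
    stacks = defaultdict(list)
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        fields = line.split()
        if len(fields) < 4 or fields[1] != "auth":
            continue                              # only auth stacks matter here
        service, _, control, module = fields[:4]
        stacks[service].append((control, module.rsplit("/", 1)[-1], fields[4:]))
    return stacks


def audit(text):
    """Flag stacks that break the pairing rule or disable lockout."""
    findings = []
    for service, entries in parse_auth_stacks(text).items():
        modules = [module for _, module, _ in entries]
        if AUTH_MODULE not in modules:
            continue
        # pam_sm_setcred() in pam_unix_auth always returns PAM_IGNORE, so
        # another module must supply a successful pam_setcred() result.
        if CRED_MODULE not in modules:
            findings.append((service, "no-setcred"))
        # nolock: failed-login counter is neither incremented nor cleared.
        for _, module, options in entries:
            if module == AUTH_MODULE and "nolock" in options:
                findings.append((service, "nolock"))
    return sorted(findings)


if __name__ == "__main__":
    for service, issue in audit(SAMPLE_PAM_CONF):
        print(f"{service}: {issue}")
```
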


ERRORS
       The following error codes are returned from pam_sm_authenticate():

       PAM_AUTH_ERR

           Authentication failure.


       PAM_BUF_ERR

           Memory buffer error.


       PAM_IGNORE

           Ignores module, not participating in result.


       PAM_MAXTRIES

           Maximum number of retries exceeded.


       PAM_PERM_DENIED

           Permission denied.


       PAM_SUCCESS

           Successfully obtains authentication token.


       PAM_SYSTEM_ERR

           System error.


       PAM_USER_UNKNOWN

           No account present for user.



       The following error codes are returned from pam_sm_setcred():

       PAM_IGNORE

           Ignores this module regardless of the control flag.


ATTRIBUTES
       See attributes(7) for descriptions of the following attributes:


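       +---------------------+-------------------------+
       | ATTRIBUTE TYPE      | ATTRIBUTE VALUE         |
       +---------------------+-------------------------+
       | Interface Stability | Committed               |
       +---------------------+-------------------------+
       | MT Level            | MT-Safe with exceptions |
       +---------------------+-------------------------+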


SEE ALSO
       login(1),  passwd(1),  crypt(3C),  syslog(3C), libpam(3LIB), pam(3PAM),
       pam_authenticate(3PAM),      pam_setcred(3PAM),       nsswitch.conf(5),
       pam.conf(5),   passwd(5),   policy.conf(5),   shadow(5),  user_attr(5),
       attributes(7),  pam_authtok_check(7),   pam_authtok_get(7),   pam_auth‐
       tok_store(7),  pam_dhkeys(7),  pam_passwd_auth(7), pam_unix_account(7),
       pam_unix_session(7), ldapclient(8), roleadd(8), rolemod(8), useradd(8),
       usermod(8)

NOTES
       The  interfaces  in libpam(3LIB) are MT-Safe only if each thread within
       the multi-threaded application uses its own PAM handle.


       If the PAM_REPOSITORY  item_type is set and a service module  does  not
       recognize  the  type,  the service module does not process any informa‐
       tion, and returns PAM_IGNORE. If the PAM_REPOSITORY  item_type  is  not
       set, a service module performs its default action.



Oracle Solaris 11.4               27 Oct 2014                 pam_unix_auth(7)
Copyright of the man page content belongs to the man page authors.