unixdev.net


Switch to SpeakEasy.net DSL

The Modular Manual Browser

Home Page
Manual: (SunOS-5.10)
Page:
Section:
Apropos / Subsearch:
optional field

pam_unix_cred(5)      Standards, Environments, and Macros     pam_unix_cred(5)



NAME
       pam_unix_cred - PAM user credential authentication module for UNIX

SYNOPSIS
       pam_unix_cred.so.1

DESCRIPTION
       The  pam_unix_cred  module implements pam_sm_setcred(3PAM). It provides
       functions that establish user credential information. It  is  a  module
       separate  from  the pam_unix_auth(5) module to allow replacement of the
       authentication functionality independently from  the  credential  func-
       tionality.

       The  pam_unix_cred  module  must  always be stacked along with whatever
       authentication module is used to ensure correct credential setting.

       Authentication service modules  must  implement  both  pam_sm_authenti-
       cate() and pam_sm_setcred().

       pam_sm_authenticate() in this module always returns PAM_IGNORE.

       pam_sm_setcred()  initializes  the  user's  project, privilege sets and
       initializes or updates the user's audit context if  it  hasn't  already
       been initialized. The following flags may be set in the flags field:

       PAM_ESTABLISH_CRED      Initializes  the  user's project to the project
       PAM_REFRESH_CRED        specified in PAM_RESOURCE, or  if  PAM_RESOURCE
       PAM_REINITIALIZE_CRED   is   not   specified,  to  the  user's  default
                               project. Establishes the user's privilege sets.

                               If the audit context is not already initialized
                               and  auditing  is configured, these flags cause
                               the context to be initialized to  that  of  the
                               user  specified  in PAM_USER and host specified
                               in PAM_RHOST. If PAM_RHOST  is  not  specified,
                               the  local  host  is used. Additionally, if the
                               audit  context  is  already  initialized,   the
                               PAM_REINITIALIZE_CRED  flag  merges the current
                               audit context with that of the  user  specified
                               in  PAM_USER.  PAM_REINITIALIZE_CRED  is useful
                               when a user is assuming a new identity, as with
                               su(1M).





       PAM_DELETE_CRED         This  flag  has  no  effect  and always returns
                               PAM_SUCCESS.



       The following options are interpreted:

       debug           Provides  syslog(3C)  debugging  information   at   the
                       LOG_DEBUG level.



       nowarn          Disables any warning messages.



ERRORS
       Upon   successful   completion   of  pam_sm_setcred(),  PAM_SUCCESS  is
       returned. The following error codes are returned upon error:

       PAM_CRED_UNAVAIL        Underlying   authentication   service    cannot
                               retrieve user credentials



       PAM_CRED_EXPIRED        User credentials have expired



       PAM_USER_UNKNOWN        User is unknown to the authentication service



       PAM_CRED_ERR            Failure in setting user credentials



       PAM_BUF_ERR             Memory buffer error



       PAM_SYSTEM_ERR          System error



       The following values are returned from pam_sm_authenticate():

       PAM_IGNORE              Ignores  this  module regardless of the control
                               flag



ATTRIBUTES
       See attributes(5) for descriptions of the following attributes:


       tab()    allbox;    cw(2.750000i)|     cw(2.750000i)     lw(2.750000i)|
       lw(2.750000i).  ATTRIBUTE TYPEATTRIBUTE VALUE Interface StabilityEvolv-
       ing MT LevelMT-Safe with exceptions


SEE ALSO
       su(1M), settaskid(2),  libpam(3LIB),  getprojent(3PROJECT),  pam(3PAM),
       pam_set_item(3PAM),   pam_sm_authenticate(3PAM),   syslog(3C),  setpro-
       ject(3PROJECT),pam.conf(4),        nsswitch.conf(4),        project(4),
       attributes(5),   pam_authtok_check(5),   pam_authtok_get(5),  pam_auth-
       tok_store(5),  pam_dhkeys(5),   pam_passwd_auth(5),   pam_unix_auth(5),
       pam_unix_account(5), pam_unix_session(5), privileges(5)

NOTES
       The  interfaces  in libpam(3LIB) are MT-Safe only if each thread within
       the multi-threaded application uses its own PAM handle.

       If this module is replaced, the audit context and credential may not be
       correctly configured.



SunOS 5.10                        29 Jul 2004                 pam_unix_cred(5)