1 .\" Copyright (c) 2001 Mark R V Murray
2 .\" All rights reserved.
4 .\" Redistribution and use in source and binary forms, with or without
5 .\" modification, are permitted provided that the following conditions
7 .\" 1. Redistributions of source code must retain the above copyright
8 .\" notice, this list of conditions and the following disclaimer.
9 .\" 2. Redistributions in binary form must reproduce the above copyright
10 .\" notice, this list of conditions and the following disclaimer in the
11 .\" documentation and/or other materials provided with the distribution.
13 .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
14 .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15 .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
16 .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
17 .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
18 .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
19 .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
20 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
21 .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
22 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
42 authentication service module for PAM,
44 provides functionality for two PAM categories:
46 and account management.
49 parameter, they are the
54 It also provides a null function for session management.
55 .Ss Ux Ss Authentication Module
58 authentication component
59 provides functions to verify the identity of a user
60 .Pq Fn pam_sm_authenticate ,
61 which obtains the relevant
64 It prompts the user for a password
65 and verifies that this is correct with
68 The following options may be passed to the authentication module:
69 .Bl -tag -width ".Cm use_first_pass"
72 debugging information at
76 If the authentication module
77 is not the first in the stack,
79 obtained the user's password,
81 to authenticate the user.
83 the authentication module returns failure
84 without prompting the user for a password.
85 This option has no effect
86 if the authentication module
87 is the first in the stack,
88 or if no previous modules
89 obtained the user's password.
91 This option is similar to the
94 except that if the previously obtained password fails,
95 the user is prompted for another password.
97 This option will require the user
98 to authenticate themself as the user
101 not as the account they are attempting to access.
102 This is primarily for services like
104 where the user's ability to retype
106 might be deemed sufficient.
108 If the password database
110 for the entity being authenticated,
112 will forgo password prompting,
113 and silently allow authentication to succeed.
115 .Ss Ux Ss Account Management Module
118 account management component
119 provides a function to perform account management,
120 .Fn pam_sm_acct_mgmt .
121 The function verifies
122 that the authenticated user
123 is allowed to login to the local user account
124 by checking the password expiry date.
126 The following options may be passed to the management module:
127 .Bl -tag -width ".Cm use_first_pass"
130 debugging information at
134 .Ss Ux Ss Password Management Module
137 password management component
138 provides a function to perform account management,
139 .Fn pam_sm_chauthtok .
143 The following options may be passed to the password module:
144 .Bl -tag -width ".Cm use_first_pass"
147 debugging information at
151 suppress warning messages to the user.
152 These messages include
153 reasons why the user's
154 authentication attempt was declined.
156 forces the password module
157 to change a local password
158 in favour of a NIS one.
160 forces the password module
161 to change a NIS password
162 in favour of a local one.
165 .Bl -tag -width ".Pa /etc/master.passwd" -compact
166 .It Pa /etc/master.passwd