1 .\" Copyright (c) 2001 Mark R V Murray
2 .\" All rights reserved.
3 .\" Copyright (c) 2001 Networks Associates Technology, Inc.
4 .\" All rights reserved.
6 .\" This software was developed for the FreeBSD Project by ThinkSec AS and
7 .\" NAI Labs, the Security Research Division of Network Associates, Inc.
8 .\" under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
9 .\" DARPA CHATS research program.
11 .\" Redistribution and use in source and binary forms, with or without
12 .\" modification, are permitted provided that the following conditions
14 .\" 1. Redistributions of source code must retain the above copyright
15 .\" notice, this list of conditions and the following disclaimer.
16 .\" 2. Redistributions in binary form must reproduce the above copyright
17 .\" notice, this list of conditions and the following disclaimer in the
18 .\" documentation and/or other materials provided with the distribution.
19 .\" 3. The name of the author may not be used to endorse or promote
20 .\" products derived from this software without specific prior written
23 .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
24 .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
25 .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
26 .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
27 .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
28 .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
29 .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
31 .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
32 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
52 authentication service module for PAM,
54 provides functionality for two PAM categories:
56 and account management.
59 parameter, they are the
64 It also provides a null function for session management.
65 .Ss Ux Ss Authentication Module
68 authentication component
69 provides functions to verify the identity of a user
70 .Pq Fn pam_sm_authenticate ,
71 which obtains the relevant
74 It prompts the user for a password
75 and verifies that this is correct with
78 The following options may be passed to the authentication module:
79 .Bl -tag -width ".Cm use_first_pass"
82 debugging information at
86 If the authentication module
87 is not the first in the stack,
89 obtained the user's password,
91 to authenticate the user.
93 the authentication module returns failure
94 without prompting the user for a password.
95 This option has no effect
96 if the authentication module
97 is the first in the stack,
98 or if no previous modules
99 obtained the user's password.
100 .It Cm try_first_pass
101 This option is similar to the
104 except that if the previously obtained password fails,
105 the user is prompted for another password.
107 This option will require the user
108 to authenticate himself as the user
111 not as the account they are attempting to access.
112 This is primarily for services like
114 where the user's ability to retype
116 might be deemed sufficient.
118 If the password database
120 for the entity being authenticated,
122 will forgo password prompting,
123 and silently allow authentication to succeed.
125 Use only the local password database,
126 even if NIS is in use.
127 This will cause an authentication failure
128 if the system is configured
131 Use only the NIS password database.
132 This will cause an authentication failure
133 if the system is not configured
136 .Ss Ux Ss Account Management Module
139 account management component
140 provides a function to perform account management,
141 .Fn pam_sm_acct_mgmt .
142 The function verifies
143 that the authenticated user
144 is allowed to login to the local user account
145 by checking the password expiry date.
147 The following options may be passed to the management module:
148 .Bl -tag -width ".Cm use_first_pass"
151 debugging information at
155 .Ss Ux Ss Password Management Module
158 password management component
159 provides a function to perform account management,
160 .Fn pam_sm_chauthtok .
164 The following options may be passed to the password module:
165 .Bl -tag -width ".Cm use_first_pass"
168 debugging information at
172 suppress warning messages to the user.
173 These messages include
174 reasons why the user's
175 authentication attempt was declined.
177 forces the password module
178 to change a local password
179 in favour of a NIS one.
181 forces the password module
182 to change a NIS password
183 in favour of a local one.
186 .Bl -tag -width ".Pa /etc/master.passwd" -compact
187 .It Pa /etc/master.passwd
198 .Xr nsswitch.conf 5 ,