Standards, Environments, and Macros pam_sample(5)
NAME
pam_sample - a sample PAM module
SYNOPSIS
/usr/lib/security/pam_sample.so.1
DESCRIPTION
The SAMPLE service module for PAM is divided into four
components: authentication, account management, password
management, and session management. The sample module is a
shared object that is dynamically loaded to provide the
necessary functionality.
SAMPLE AUTHENTICATION COMPONENT
The SAMPLE authentication module provides functions to test
the PAM framework functionality using the
pam_sm_authenticate(3PAM) call. The SAMPLE module
implementation of the pam_sm_authenticate(3PAM) function compares
the user entered password with the password set in the
pam.conf(4) file, or the string "test" if a default test
password has not been set. The following options can be
passed in to the SAMPLE Authentication module:
debug             Syslog debugging information at the
                  LOG_DEBUG level.

pass=newone       Sets the password to be "newone".

first_pass_good   The first password is always good when
                  used with the use_first_pass or
                  try_first_pass option.

first_pass_bad    The first password is always bad when
                  used with the use_first_pass or
                  try_first_pass option.

always_fail       Always returns PAM_AUTH_ERR.

always_succeed    Always returns PAM_SUCCESS.

always_ignore     Always returns PAM_IGNORE.

use_first_pass    Use the user's initial password (entered
                  when the user is authenticated to the
                  first authentication module in the
                  stack) to authenticate with the SAMPLE
                  module. If the passwords do not match,
                  or if this is the first authentication
                  module in the stack, quit and do not
                  prompt the user for a password. It is
                  recommended that this option only be
                  used if the SAMPLE authentication module
                  is designated as optional in the
                  pam.conf configuration file.

try_first_pass    Use the user's initial password (entered
                  when the user is authenticated to the
                  first authentication module in the
                  stack) to authenticate with the SAMPLE
                  module. If the passwords do not match,
                  or if this is the first authentication
                  module in the stack, prompt the user for
                  a password.

The SAMPLE module pam_sm_setcred(3PAM)
function always returns PAM_SUCCESS.
SAMPLE ACCOUNT MANAGEMENT COMPONENT
The SAMPLE Account Management Component implements a simple
access control scheme that limits machine access to a list
of authorized users. The list of authorized users is
supplied as option arguments to the entry for the SAMPLE
account management PAM module in the pam.conf file. Note
that the module always permits access to the root super
user.
The option field syntax to limit access is shown below:

allow= name[,name]
allow= name [allow=name]

The example pam.conf shown below permits only larry to log in
directly. rlogin is allowed only for don and larry. Once a
user is logged in, the user can use su if the user is sam
or eric.

login   account required pam_sample.so.1 allow=larry
dtlogin account required pam_sample.so.1 allow=larry
rlogin  account required pam_sample.so.1 allow=don allow=larry
su      account required pam_sample.so.1 allow=sam,eric

The debug and nowarn options are also supported.
SAMPLE PASSWORD MANAGEMENT COMPONENT
The SAMPLE Password Management Component function
(pam_sm_chauthtok(3PAM)) always returns PAM_SUCCESS.
SAMPLE SESSION MANAGEMENT COMPONENT
The SAMPLE Session Management Component functions
(pam_sm_open_session(3PAM), pam_sm_close_session(3PAM))
always return PAM_SUCCESS.
ATTRIBUTES
See attributes(5) for description of the following
attributes:

ATTRIBUTE TYPE      ATTRIBUTE VALUE
MT Level            MT-Safe with exceptions

SEE ALSO
pam(3PAM), pam_sm_authenticate(3PAM),
pam_sm_chauthtok(3PAM), pam_sm_close_session(3PAM),
pam_sm_open_session(3PAM), pam_sm_setcred(3PAM),
libpam(3LIB), pam.conf(4), attributes(5)
WARNINGS
This module should never be used outside of a closed debug
environment. The examples of the use_first_pass and
try_first_pass options are obsolete for all other Solaris
delivered PAM service modules.
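
One way to check a configuration against the warning above is to scan it for entries that load this module. The Python below is an added example, not part of the original manual page or of Solaris: it reports what pam_sample does for each entry, using only the option descriptions on this page. The sample configuration is constructed, and one entry per line with no continuation lines is assumed.

```python
# Added example. Assumes entries of the form:
#   service module_type control_flag module_path [options]

# Constructed sample input, not taken from a real system.
SAMPLE_PAM_CONF = """\
# service module_type control_flag module_path options
login   auth     required    pam_unix_auth.so.1
login   auth     sufficient  pam_sample.so.1 always_succeed
su      auth     required    /usr/lib/security/pam_sample.so.1 pass=newone debug
rlogin  auth     optional    pam_sample.so.1 use_first_pass
su      account  required    pam_sample.so.1 allow=sam,eric
rlogin  account  required    pam_sample.so.1 allow=don allow=larry
other   session  required    pam_sample.so.1
"""

def describe(module_type, options):
    """Summarise what pam_sample does for one entry, per this page's text."""
    if module_type == "auth":
        fixed = [effect for opt, effect in (
            ("always_succeed", "always returns PAM_SUCCESS"),
            ("always_ignore", "always returns PAM_IGNORE"),
            ("always_fail", "always returns PAM_AUTH_ERR")) if opt in options]
        if fixed:
            return "; ".join(fixed)
        if any(o.startswith("pass=") for o in options):
            return "compares against a password stored in pam.conf"
        return 'compares against the default password "test"'
    if module_type == "account":
        # allow= may repeat and may carry a comma-separated list.
        users = [u for o in options if o.startswith("allow=")
                 for u in o[len("allow="):].split(",") if u]
        return "allows root plus: " + ", ".join(sorted(set(users)))
    return "always returns PAM_SUCCESS"   # password and session components

def audit(text):
    """Return (line_number, service, module_type, effect) per pam_sample entry."""
    findings = []
    for number, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 4:
            continue                      # blank, comment, or malformed line
        service, module_type, _flag, path = fields[:4]
        if path.rsplit("/", 1)[-1].startswith("pam_sample.so"):
            findings.append((number, service, module_type,
                             describe(module_type, fields[4:])))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_PAM_CONF):
        print("line %d: %s %s -> pam_sample %s" % finding)
```
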
NOTES
The interfaces in libpam() are MT-Safe only if each thread
within the multi-threaded application uses its own PAM
handle.
SunOS 5.11 Last change: 4 Apr 2007