pam_unix_cred(5)      Standards, Environments, and Macros     pam_unix_cred(5)

NAME

       pam_unix_cred - PAM user credential authentication module for UNIX

SYNOPSIS

       pam_unix_cred.so.1

DESCRIPTION

       The pam_unix_cred module implements pam_sm_setcred(3PAM). It provides
       functions that establish user credential information. It is a module
       separate from the pam_unix_auth(5) module to allow replacement of the
       authentication functionality independently from the credential
       functionality.

       The pam_unix_cred module must always be stacked along with whatever
       authentication module is used to ensure correct credential setting.

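       An added example, not part of the original manual page: a Python check
       that reads pam.conf(4)-style text and reports services whose own auth
       stack does not include pam_unix_cred.so.1. The sample configuration is
       constructed, and pam_example_auth.so.1 is a hypothetical replacement
       authentication module.

```python
# Added example: audit pam.conf(4)-style text for auth stacks without pam_unix_cred.
import posixpath
from collections import defaultdict

CRED_MODULE = "pam_unix_cred.so.1"  # module name from the SYNOPSIS section

# Constructed sample input (not taken from a real host).
# pam_example_auth.so.1 is a hypothetical replacement authentication module.
SAMPLE_PAM_CONF = """\
# service  type  control     module                     options
login      auth  requisite   pam_authtok_get.so.1
login      auth  required    pam_unix_cred.so.1
login      auth  required    pam_unix_auth.so.1
sshd       auth  required    /usr/lib/security/pam_example_auth.so.1  debug
sshd       account required  pam_unix_account.so.1
other      auth  required    pam_unix_cred.so.1  nowarn
other      auth  required    pam_unix_auth.so.1
cron       account required  pam_unix_account.so.1
"""


def parse_auth_stacks(text):
    """Return {service: [module basename, ...]} for auth entries only."""
    stacks = defaultdict(list)
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        fields = line.split()
        if len(fields) < 4:
            continue  # blank, comment-only, or malformed line
        service, mod_type, _control, path = fields[:4]
        if mod_type.lower() == "auth":
            # Match on the file name so full paths and bare names compare equal.
            stacks[service].append(posixpath.basename(path))
    return dict(stacks)


def services_missing_cred(text):
    """List services whose own auth stack omits pam_unix_cred."""
    stacks = parse_auth_stacks(text)
    return sorted(s for s, mods in stacks.items() if CRED_MODULE not in mods)


if __name__ == "__main__":
    for svc in services_missing_cred(SAMPLE_PAM_CONF):
        print(f"{svc}: auth stack has no {CRED_MODULE}")
```

       Services with no auth entries of their own (cron in the sample) are not
       listed, because they use the entries of the "other" service.
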
       Authentication service modules must implement both
       pam_sm_authenticate() and pam_sm_setcred().

       pam_sm_authenticate() in this module always returns PAM_IGNORE.

       pam_sm_setcred() initializes the user's project, privilege sets and
       initializes or updates the user's audit context if it hasn't already
       been initialized. The following flags may be set in the flags field:

       PAM_ESTABLISH_CRED
       PAM_REFRESH_CRED
       PAM_REINITIALIZE_CRED

           Initializes the user's project to the project specified in
           PAM_RESOURCE, or if PAM_RESOURCE is not specified, to the user's
           default project. Establishes the user's privilege sets.

           If the audit context is not already initialized and auditing is
           configured, these flags cause the context to be initialized to that
           of the user specified in PAM_AUSER (if any) merged with the user
           specified in PAM_USER and host specified in PAM_RHOST. If PAM_RHOST
           is not specified, PAM_TTY specifies the local terminal name.
           Attributing audit to PAM_AUSER and merging PAM_USER is required for
           correctly attributing auditing when the system entry is performed
           by another user that can be identified as trustworthy.

           If the audit context is already initialized, the
           PAM_REINITIALIZE_CRED flag merges the current audit context with
           that of the user specified in PAM_USER. PAM_REINITIALIZE_CRED is
           useful when a user is assuming a new identity, as with su(1M).

       PAM_DELETE_CRED

           This flag has no effect and always returns PAM_SUCCESS.

       The following options are interpreted:

       debug     Provides syslog(3C) debugging information at the LOG_DEBUG
                 level.

       nowarn    Disables any warning messages.

ERRORS

       Upon successful completion of pam_sm_setcred(), PAM_SUCCESS is
       returned. The following error codes are returned upon error:

       PAM_CRED_UNAVAIL    Underlying authentication service cannot retrieve
                           user credentials

       PAM_CRED_EXPIRED    User credentials have expired

       PAM_USER_UNKNOWN    User is unknown to the authentication service

       PAM_CRED_ERR        Failure in setting user credentials

       PAM_BUF_ERR         Memory buffer error

       PAM_SYSTEM_ERR      System error

       The following values are returned from pam_sm_authenticate():

       PAM_IGNORE    Ignores this module regardless of the control flag

ATTRIBUTES

       See attributes(5) for descriptions of the following attributes:

       ┌─────────────────────────────┬─────────────────────────────┐
       │      ATTRIBUTE TYPE         │      ATTRIBUTE VALUE        │
       ├─────────────────────────────┼─────────────────────────────┤
       │Interface Stability          │Evolving                     │
       ├─────────────────────────────┼─────────────────────────────┤
       │MT Level                     │MT-Safe with exceptions      │
       └─────────────────────────────┴─────────────────────────────┘

SEE ALSO

       ssh(1), su(1M), settaskid(2), libpam(3LIB), getprojent(3PROJECT),
       pam(3PAM), pam_set_item(3PAM), pam_sm_authenticate(3PAM), syslog(3C),
       setproject(3PROJECT), pam.conf(4), nsswitch.conf(4), project(4),
       attributes(5), pam_authtok_check(5), pam_authtok_get(5),
       pam_authtok_store(5), pam_dhkeys(5), pam_passwd_auth(5),
       pam_unix_auth(5), pam_unix_account(5), pam_unix_session(5),
       privileges(5)

NOTES

       The interfaces in libpam(3LIB) are MT-Safe only if each thread within
       the multi-threaded application uses its own PAM handle.

       If this module is replaced, the audit context and credential may not be
       correctly configured.

SunOS 5.11                        9 Mar 2005                  pam_unix_cred(5)