Manual Pages for UNIX Operating System command usage for man pam_sample

Standards, Environments, and Macros                 pam_sample(5)



NAME
     pam_sample - a sample PAM module

SYNOPSIS
     /usr/lib/security/pam_sample.so.1


DESCRIPTION
     The SAMPLE service module for PAM is divided into four  com-
     ponents:   authentication,   account   management,  password
     management, and session management. The sample module  is  a
     shared  object  that  is  dynamically  loaded to provide the
     necessary functionality.

SAMPLE AUTHENTICATION COMPONENT
     The SAMPLE authentication module provides functions to  test
     the     PAM     framework     functionality     using    the
     pam_sm_authenticate(3PAM) call. The SAMPLE module  implemen-
     tation  of  the  pam_sm_authenticate(3PAM) function compares
     the user entered password  with  the  password  set  in  the
     pam.conf(4) file, or the string test if a default test pass-
     word has not been set. The following options can  be  passed
     in to the SAMPLE Authentication module:

     debug              Syslog  debugging  information   at   the
                        LOG_DEBUG level.


     pass=newone        Sets the password to be newone.


     first_pass_good    The first password is  always  good  when
                        used    with    the   use_first_pass   or
                        try_first_pass option.


     first_pass_bad     The first password  is  always  bad  when
                        used    with    the   use_first_pass   or
                        try_first_pass option.


     always_fail        Always returns PAM_AUTH_ERR.


     always_succeed     Always returns PAM_SUCCESS.


     always_ignore      Always returns PAM_IGNORE.


     use_first_pass     Use the user's initial password  (entered
                        when  the  user  is  authenticated to the



SunOS 5.11           Last change: 2 Feb 2010                    1






Standards, Environments, and Macros                 pam_sample(5)



                        first authentication module in the stack)
                        to  authenticate  with the SAMPLE module.
                        If the passwords do not match, or if this
                        is the first authentication module in the
                        stack, quit and do not  prompt  the  user
                        for  a  password.  It is recommended that
                        this option only be used  if  the  SAMPLE
                        authentication  module  is  designated as
                        optional in  the  pam.conf  configuration
                        file.


     try_first_pass     Use the user's initial password  (entered
                        when  the  user  is  authenticated to the
                        first authentication module in the stack)
                        to  authenticate  with the SAMPLE module.
                        If the passwords do not match, or if this
                        is the first authentication module in the
                        stack, prompt the user for a password.

                        The  SAMPLE  module  pam_sm_setcred(3PAM)
                        function always returns PAM_SUCCESS.


SAMPLE ACCOUNT MANAGEMENT COMPONENT
     The SAMPLE Account Management Component implements a  simple
     access  control  scheme that limits machine access to a list
     of authorized users. The list of authorized  users  is  sup-
     plied  as  option  arguments  to  the  entry  for the SAMPLE
     account management PAM module in  the  pam.conf  file.  Note
     that  the  module  always  permits  access to the root super
     user.


     The option field syntax to  limit  access  is  shown  below:
     allow= name[,name] allow= name [allow=name]


     The example pam.conf show below permits only larry to  login
     directly.  rlogin  is allowed only for don and larry. Once a
     user is logged in, the user can use su if the user  are  sam
     or eric.



     login    account   require   pam_sample.so.1   allow=larry
     gdm      account   require   pam_sample.so.1   allow=larry
     rlogin   account   require   pam_sample.so.1   allow=don allow=larry
     su       account   require   pam_sample.so.1   allow=sam,eric






SunOS 5.11           Last change: 2 Feb 2010                    2






Standards, Environments, and Macros                 pam_sample(5)



     The debug and nowarn options are also supported.

SAMPLE PASSWORD MANAGEMENT COMPONENT
     The  SAMPLE  Password  Management   Component   function   (
     pam_sm_chauthtok(3PAM)), always returns PAM_SUCCESS.

SAMPLE SESSION MANAGEMENT COMPONENT
     The  SAMPLE  Session  Management   Component   functions   (
     pam_sm_open_session(3PAM),       pam_sm_close_session(3PAM))
     always return PAM_SUCCESS.

ATTRIBUTES
     See attributes(5) for description of  the  following  attri-
     butes:



     ____________________________________________________________
    |       ATTRIBUTE TYPE                ATTRIBUTE VALUE       |
    | MT Level                      MT-Safe with exceptions     |
    |___________________________________________________________|


SEE ALSO
     pam(3PAM),                        pam_sm_authenticate(3PAM),
     pam_sm_chauthtok(3PAM),          pam_sm_close_session(3PAM),
     pam_sm_open_session(3PAM),             pam_sm_setcred(3PAM),
     libpam(3LIB), pam.conf(4), attributes(5)

WARNINGS
     This module should never be used outside of a  closed  debug
     environment.   The   examples   of  the  use_first_pass  and
     try_first_pass options are obsolete for  all  other  Solaris
     delivered PAM service modules

NOTES
     The interfaces in libpam() are MT-Safe only if  each  thread
     within  the multi-threaded application uses its own PAM han-
     dle.
















SunOS 5.11           Last change: 2 Feb 2010                    3