Manual Pages for UNIX Operating System command usage for man pam_unix_auth

Standards, Environments, and Macros              pam_unix_auth(5)



NAME
     pam_unix_auth - PAM authentication module for UNIX

SYNOPSIS
     pam_unix_auth.so.1


DESCRIPTION
     The pam_unix_auth module  implements  pam_sm_authenticate(),
     which  provides  functionality  to  the  PAM  authentication
     stack. It provides functions that use  crypt(3C)  to  verify
     that  the  password contained in the PAM item PAM_AUTHTOK is
     the correct password for the  user  specified  in  the  item
     PAM_USER.  If PAM_REPOSITORY is specified, then user's pass-
     word is fetched from that repository. Otherwise, the default
     nsswitch.conf(4) repository is searched for that user.


     For accounts in the name services  which  support  automatic
     account  locking,  the  account  may  be  configured  to  be
     automatically locked (see user_attr(4)  and  policy.conf(4))
     after multiple failed login attempts.  For accounts that are
     configured for automatic locking, if authentication  failure
     is  to  be returned, the failed login counter is incremented
     upon each failure. If  the  number  of  successive  failures
     equals  or  exceeds  RETRIES  as  defined  in  login(1), the
     account is locked and PAM_MAXTRIES is  returned.  Currently,
     only  the  "files"  repository (see passwd(4) and shadow(4))
     supports automatic account locking. A successful authentica-
     tion  by  this  module  clears  the failed login counter and
     reports the number of failed attempts since  the  last  suc-
     cessful authentication.


     Authentication   service   modules   must   implement   both
     pam_sm_authenticate()  and  pam_sm_setcred().  To  allow the
     authentication  portion  of  UNIX   authentication   to   be
     replaced,  pam_sm_setcred()  in  this  module always returns
     PAM_IGNORE.   This   module   should   be    stacked    with
     pam_unix_cred(5)   to   ensure   a  successful  return  from
     pam_setcred(3PAM).


     The following options can be passed to the module:

     nowarn

         Turn off warning messages.


     server_policy




SunOS 5.11          Last change: 23 Apr 2008                    1






Standards, Environments, and Macros              pam_unix_auth(5)



         If the account authority for the user, as  specified  by
         PAM_USER, is a server, do not apply the UNIX policy from
         the passwd entry in the name service switch.


     nolock

         Regardless of the automatic account locking setting  for
         the account, do not lock the account, increment or clear
         the failed login count. The  nolock  option  allows  for
         exempting account locking on a per service basis.


ERRORS
     The   following    error    codes    are    returned    from
     pam_sm_authenticate():

     PAM_AUTH_ERR

         Authentication failure.


     PAM_BUF_ERR

         Memory buffer error.


     PAM_IGNORE

         Ignores module, not participating in result.


     PAM_MAXTRIES

         Maximum number of retries exceeded.


     PAM_PERM_DENIED

         Permission denied.


     PAM_SUCCESS

         Successfully obtains authentication token.


     PAM_SYSTEM_ERR

         System error.





SunOS 5.11          Last change: 23 Apr 2008                    2






Standards, Environments, and Macros              pam_unix_auth(5)



     PAM_USER_UNKNOWN

         No account present for user.



     The   following    error    codes    are    returned    from
     pam_sm_setcred():

     PAM_IGNORE

         Ignores this module regardless of the control flag.


ATTRIBUTES
     See attributes(5) for descriptions of the  following  attri-
     butes:



     ____________________________________________________________
    |       ATTRIBUTE TYPE        |       ATTRIBUTE VALUE       |
    |_____________________________|_____________________________|
    | Interface Stability         | Committed                   |
    |_____________________________|_____________________________|
    | MT Level                    | MT-Safe with exceptions     |
    |_____________________________|_____________________________|


SEE ALSO
     login(1), passwd(1), useradd(1M), usermod(1M),  roleadd(1M),
     rolemod(1M),     crypt(3C),     libpam(3LIB),     pam(3PAM),
     pam_authenticate(3PAM),    pam_setcred(3PAM),    syslog(3C),
     pam.conf(4),  passwd(4),  policy.conf(4),  nsswitch.conf(4),
     shadow(4),           user_attr(4),            attributes(5),
     pam_authtok_check(5),                    pam_authtok_get(5),
     pam_authtok_store(5),   pam_dhkeys(5),   pam_passwd_auth(5),
     pam_unix_account(5), pam_unix_session(5)

NOTES
     The interfaces in libpam(3LIB)  are  MT-Safe  only  if  each
     thread  within  the  multi-threaded application uses its own
     PAM handle.


     The pam_unix(5) module is no longer supported. Similar func-
     tionality     is     provided    by    pam_authtok_check(5),
     pam_authtok_get(5),   pam_authtok_store(5),   pam_dhkeys(5),
     pam_passwd_auth(5),pam_setcred(3PAM),   pam_unix_account(5),
     pam_unix_cred(5), pam_unix_session(5).





SunOS 5.11          Last change: 23 Apr 2008                    3






Standards, Environments, and Macros              pam_unix_auth(5)



     If the PAM_REPOSITORY item_type is set and a service  module
     does  not  recognize  the  type, the service module does not
     process any information,  and  returns  PAM_IGNORE.  If  the
     PAM_REPOSITORY  item_type  is not set, a service module per-
     forms its default action.


















































SunOS 5.11          Last change: 23 Apr 2008                    4