pam_projects(5)
NAME
pam_projects - account management PAM module for projects
SYNOPSIS
/usr/lib/security/pam_projects.so.1
DESCRIPTION
The projects service module for PAM,
/usr/lib/security/pam_projects.so.1, provides functionality
for the account management PAM module. The pam_projects.so.1
module is a shared object that can be dynamically loaded to
provide the necessary functionality upon demand. Its path is
specified in the PAM configuration file.
pam_projects.so.1 is designed to be stacked on top of the
pam_unix_account.so.1 module for all services. This module
is normally configured as "required", implying that any user
lacking a default project will be denied login.
Projects Account Management Module
The project account management component provides a function
to perform account management, pam_sm_acct_mgmt(). This
function uses the getdefaultproj() function (see
getprojent(3PROJECT)) to retrieve the user's default project
entry from the project(4) database. It then sets the project
ID attribute of the calling process, using the settaskid(2)
system call.
If the user does not belong to any project defined in the
project(4) database, or if the settaskid() system call
failed to set the project ID attribute of the calling pro-
cess, the module will display an error message and will
return error code PAM_PERM_DENIED.
ATTRIBUTES
See attributes(5) for description of the following attri-
butes:
____________________________________________________________
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
|_____________________________|_____________________________|
| MT-Level | MT-Safe with exceptions |
|_____________________________|_____________________________|
SEE ALSO
settaskid(2), getprojent(3PROJECT), libpam(3LIB), pam(3PAM),
pam_acct_mgmt(3PAM), pam.conf(4), project(4), attributes(5)
, pam_authtok_check(5), pam_authtok_get(5),
pam_authtok_store(5), pam_dhkeys(5), pam_passwd_auth(5),
pam_unix(5), pam_unix_account(5), pam_unix_auth(5),
pam_unix_session(5)
NOTES
The interfaces in libpam(3LIB) are MT-Safe only if each
thread within the multi-threaded application uses its own
PAM handle.
The pam_unix(5) module might not be supported in a future
release. Similar functionality is provided by
pam_authtok_check(5), pam_authtok_get(5),
pam_authtok_store(5), pam_dhkeys(5), pam_passwd_auth(5),
pam_unix_account(5), pam_unix_auth(5), and
pam_unix_session(5).
Man(1) output converted with
man2html