pam_sample(5)




NAME

     pam_sample - a sample PAM module


SYNOPSIS

     /usr/lib/security/pam_sample.so.1


DESCRIPTION

     The SAMPLE service module for  PAM  is  divided   into  four
     components:  authentication,  account  management,  password
     management, and session management. The sample module  is  a
     shared  object  that  is  dynamically  loaded to provide the
     necessary functionality.


SAMPLE Authentication Component

     The SAMPLE authentication module, typically
     /usr/lib/security/pam_sample.so.1, provides functions to test
     the PAM framework functionality using the
     pam_sm_authenticate(3PAM) call. The SAMPLE module
     implementation of the pam_sm_authenticate(3PAM) function
     compares the user entered password with the password set in
     the pam.conf(4) file, or the string "test" if a default test
     password has not been set. The following options may be
     passed in to the SAMPLE Authentication module:

     debug
           Syslog debugging information at the LOG_DEBUG level.

     passwd=newone
           Sets the password to be "newone."

     first_pass_good
           The first password is always good when used  with  the
           use_first_pass or  try_first_pass option.

     first_pass_bad
           The first password is always bad when  used  with  the
           use_first_pass or  try_first_pass option.

     always_fail
           Always returns  PAM_AUTH_ERR.

     always_succeed
           Always returns  PAM_SUCCESS.

     always_ignore
           Always returns  PAM_IGNORE.

     use_first_pass
           Use the user's initial password (entered when the user
           is authenticated to the first authentication module in
           the stack) to authenticate with the SAMPLE module. If
           the passwords do not match, or if this is the first
           authentication module in the stack, quit and do not
           prompt the user for a password. It is recommended that
           this option only be used if the SAMPLE authentication
           module is designated as optional in the pam.conf
           configuration file.

     try_first_pass
           Use the user's initial password (entered when the user
           is authenticated to the first authentication module in
           the stack) to authenticate with the SAMPLE module. If
           the passwords do not match, or if this is the first
           authentication module in the stack, prompt the user
           for a password.

     The SAMPLE module pam_sm_setcred(3PAM) function always returns
     PAM_SUCCESS.
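
     A check that can be run over pam.conf lines to find entries
     that load the sample module and report the authentication
     options described above. This is an added example, not part of
     the original manual page or the module's source; the function
     and flag names are hypothetical, and the field order (service,
     module type, control flag, module path, options) follows
     pam.conf(4).

```c
#include <stdio.h>
#include <string.h>

/* Findings for one pam.conf line; the flag names belong to this example. */
enum {
    USES_SAMPLE     = 1,  /* module path names pam_sample.so */
    DEFAULT_PASSWD  = 2,  /* auth entry without passwd=, so "test" is accepted */
    FORCED_SUCCESS  = 4,  /* always_succeed is set */
    FIRST_PASS_GOOD = 8   /* first_pass_good is set */
};

/* Fields: service, module type, control flag, module path, options... */
int audit_pam_line(const char *line)
{
    int field = 0, flags = 0, is_auth = 0, has_passwd = 0;
    const char *p = line + strspn(line, " \t\n");
    if (*p == '#') return 0;                    /* comment line */
    while (*p != '\0') {
        char tok[256];
        size_t len = strcspn(p, " \t\n");       /* length of current token */
        size_t n = len < sizeof(tok) ? len : sizeof(tok) - 1;
        memcpy(tok, p, n);
        tok[n] = '\0';
        if (field == 1)
            is_auth = (strcmp(tok, "auth") == 0);
        else if (field == 3) {
            if (strstr(tok, "pam_sample.so") == NULL)
                return 0;                       /* some other module */
            flags |= USES_SAMPLE;
        } else if (field > 3 && is_auth) {
            if (strncmp(tok, "passwd=", 7) == 0) has_passwd = 1;
            if (strcmp(tok, "always_succeed") == 0) flags |= FORCED_SUCCESS;
            if (strcmp(tok, "first_pass_good") == 0) flags |= FIRST_PASS_GOOD;
        }
        field++;
        p += len + strspn(p + len, " \t\n");    /* move to the next token */
    }
    if ((flags & USES_SAMPLE) && is_auth && !has_passwd)
        flags |= DEFAULT_PASSWD;
    return flags;
}

int main(void)
{
    /* Constructed pam.conf line, not taken from a real system. */
    const char *line = "login auth required pam_sample.so.1 always_succeed";
    printf("flags=%d\n", audit_pam_line(line));
    return 0;
}
```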


SAMPLE Account Management Component

     The   SAMPLE   Account   Management   Component,   typically
     pam_sample.so.1,  implements  a simple access control scheme
     that limits machine access to a list  of  authorized  users.
     The list of authorized users is supplied as option arguments
     to the entry for the SAMPLE account management   PAM  module
     in  the  pam.conf  file. Note that the module always permits
     access to the root super user.

     The option field syntax to limit access is shown below:

           allow=name[,name]
           allow=name [allow=name]

     The example pam.conf shown below permits only larry to log in
     directly. rlogin is allowed only for don and larry. Once a
     user is logged in, the user can use su if the user is sam
     or eric.

     login         account       required      pam_sample.so.1   allow=larry
     dtlogin       account       required      pam_sample.so.1   allow=larry
     rlogin        account       required      pam_sample.so.1   allow=don allow=larry
     su            account       required      pam_sample.so.1   allow=sam,eric

     The debug and nowarn options are also supported.
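
     The allow= rules described above, written out as a small C
     model. This is an added example, not the module's source;
     sample_acct_allowed() and name_in_list() are hypothetical
     names, root is matched by name, and a non-root user with no
     matching allow= option is assumed to be denied.

```c
#include <stdio.h>
#include <string.h>

/* Returns 1 if user equals one name in a comma-separated list, else 0. */
static int name_in_list(const char *list, const char *user)
{
    size_t ulen = strlen(user);
    const char *p = list;

    while (*p != '\0') {
        size_t len = strcspn(p, ",");           /* length of current name */
        if (len == ulen && strncmp(p, user, len) == 0)
            return 1;
        p += len;
        if (*p == ',')
            p++;                                /* skip the separator */
    }
    return 0;
}

/*
 * argv holds the option field of one pam.conf account entry.
 * Assumptions: root is identified by name, and a non-root user with
 * no matching allow= option is denied.
 */
int sample_acct_allowed(const char *user, int argc, const char **argv)
{
    if (user == NULL || *user == '\0')
        return 0;
    if (strcmp(user, "root") == 0)              /* root is always permitted */
        return 1;
    for (int i = 0; i < argc; i++) {            /* debug, nowarn are skipped */
        if (strncmp(argv[i], "allow=", 6) == 0 &&
            name_in_list(argv[i] + 6, user))
            return 1;
    }
    return 0;
}

int main(void)
{
    /* Constructed option fields modelled on the rlogin and su entries. */
    const char *rlogin_opts[] = { "allow=don", "allow=larry" };
    const char *su_opts[]     = { "allow=sam,eric", "debug" };
    printf("rlogin larry: %d\n", sample_acct_allowed("larry", 2, rlogin_opts));
    printf("su eric:      %d\n", sample_acct_allowed("eric", 2, su_opts));
    printf("su larry:     %d\n", sample_acct_allowed("larry", 2, su_opts));
    return 0;
}
```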


SAMPLE Password Management Component

     The SAMPLE Password Management Component function
     (pam_sm_chauthtok(3PAM)) always returns PAM_SUCCESS.


SAMPLE Session Management Component

     The SAMPLE Session Management Component functions
     (pam_sm_open_session(3PAM), pam_sm_close_session(3PAM))
     always return PAM_SUCCESS.


ATTRIBUTES

     See attributes(5) for a description of the following
     attributes:

     ____________________________________________________________
    |       ATTRIBUTE TYPE        |       ATTRIBUTE VALUE       |
    |_____________________________|_____________________________|
    | MT Level                    | MT-Safe with exceptions     |
    |_____________________________|_____________________________|


SEE ALSO

     pam(3PAM),                        pam_sm_authenticate(3PAM),
     pam_sm_chauthtok(3PAM),          pam_sm_close_session(3PAM),
     pam_sm_open_session(3PAM),             pam_sm_setcred(3PAM),
     libpam(3LIB), pam.conf(4), attributes(5)


NOTES

     The interfaces in libpam() are MT-Safe only if each thread
     within the multi-threaded application uses its own PAM
     handle.

