Man page or keyword search:   man All Sections 1 - General Commands 2 - System Calls 3 - Subroutines, Functions 4 - Special Files 5 - File Formats 6 - Games and Screensavers 7 - Macros and Conventions 8 - Maintenence Commands 9 - Kernel Interface New Commands Server 4.4BSD AIX Alpinelinux Archlinux Aros BSDOS BSDi Bifrost CentOS Cygwin Darwin Debian DigitalUNIX DragonFly ElementaryOS Fedora FreeBSD Gentoo GhostBSD HP-UX Haiku Hurd IRIX Inferno JazzOS Kali Knoppix LinuxMint MacOSX Mageia Mandriva Manjaro Minix MirBSD NeXTSTEP NetBSD OPENSTEP OSF1 OpenBSD OpenDarwin OpenIndiana OpenMandriva OpenServer OpenSuSE OpenVMS Oracle PC-BSD Peanut Pidora Plan9 QNX Raspbian RedHat Scientific Slackware SmartOS Solaris SuSE SunOS Syllable Tru64 UNIXv7 Ubuntu Ultrix UnixWare Xenix YellowDog aLinux   20441 pages apropos Keyword Search (all sections) Output format html ascii pdf view pdf save postscript

pam_sample(5)	      Standards, Environments, and Macros	 pam_sample(5)

NAME
       pam_sample - a sample PAM module

SYNOPSIS
       /usr/lib/security/pam_sample.so.1

DESCRIPTION
       The  SAMPLE  service  module  for  PAM is divided into four components:
       authentication, account management, password  management,  and  session
       management.  The	 sample	 module is a shared object that is dynamically
       loaded to provide the necessary functionality.

SAMPLE AUTHENTICATION COMPONENT
       The SAMPLE authentication module provides functions  to	test  the  PAM
       framework  functionality	 using the pam_sm_authenticate(3PAM) call. The
       SAMPLE module implementation of the pam_sm_authenticate(3PAM)  function
       compares	 the  user  entered  password  with  the  password  set in the
       pam.conf(4) file, or the string test if a default test password has not
       been  set. The following options can be passed in to the SAMPLE Authen‐
       tication module:

       debug		  Syslog debugging information at the LOG_DEBUG level.

       pass=newone	  Sets the password to be newone.

       first_pass_good	  The first password is always good when used with the
			  use_first_pass or try_first_pass option.

       first_pass_bad	  The  first password is always bad when used with the
			  use_first_pass or try_first_pass option.

       always_fail	  Always returns PAM_AUTH_ERR.

       always_succeed	  Always returns PAM_SUCCESS.

       always_ignore	  Always returns PAM_IGNORE.

       use_first_pass	  Use the user's initial password  (entered  when  the
			  user	is  authenticated  to the first authentication
			  module in the stack) to authenticate with the SAMPLE
			  module. If the passwords do not match, or if this is
			  the first authentication module in the  stack,  quit
			  and  do  not	prompt	the user for a password. It is
			  recommended that this option only  be	 used  if  the
			  SAMPLE   authentication   module  is	designated  as
			  optional in the pam.conf configuration file.

       try_first_pass	  Use the user's initial password  (entered  when  the
			  user	is  authenticated  to the first authentication
			  module in the stack) to authenticate with the SAMPLE
			  module. If the passwords do not match, or if this is
			  the first authentication module in the stack, prompt
			  the user for a password.

			  The	SAMPLE	module	pam_sm_setcred(3PAM)  function
			  always returns PAM_SUCCESS.

SAMPLE ACCOUNT MANAGEMENT COMPONENT
       The SAMPLE Account Management Component implements a simple access con‐
       trol  scheme  that limits machine access to a list of authorized users.
       The list of authorized users is supplied as  option  arguments  to  the
       entry  for  the	SAMPLE	account	 management PAM module in the pam.conf
       file. Note that the module always permits  access  to  the  root	 super
       user.

       The  option  field  syntax  to  limit  access  is  shown	 below: allow=
       name[,name] allow= name [allow=name]

       The example pam.conf show below permits only larry to  login  directly.
       rlogin is allowed only for don and larry. Once a user is logged in, the
       user can use su if the user are sam or eric.

       login	account	  require   pam_sample.so.1   allow=larry
       gdm	account	  require   pam_sample.so.1   allow=larry
       rlogin	account	  require   pam_sample.so.1   allow=don allow=larry
       su	account	  require   pam_sample.so.1   allow=sam,eric

       The debug and nowarn options are also supported.

SAMPLE PASSWORD MANAGEMENT COMPONENT
       The SAMPLE Password  Management	Component  function  (	pam_sm_chauth‐
       tok(3PAM)), always returns PAM_SUCCESS.

SAMPLE SESSION MANAGEMENT COMPONENT
       The  SAMPLE  Session  Management Component functions ( pam_sm_open_ses‐
       sion(3PAM), pam_sm_close_session(3PAM)) always return PAM_SUCCESS.

ATTRIBUTES
       See attributes(5) for description of the following attributes:

       ┌───────────────────────────────────────────────────────────┐
       │      ATTRIBUTE TYPE		    ATTRIBUTE VALUE	   │
       │MT Level		      MT-Safe with exceptions	   │
       └───────────────────────────────────────────────────────────┘

SEE ALSO
       pam(3PAM),      pam_sm_authenticate(3PAM),      pam_sm_chauthtok(3PAM),
       pam_sm_close_session(3PAM),    pam_sm_open_session(3PAM),   pam_sm_set‐
       cred(3PAM), libpam(3LIB), pam.conf(4), attributes(5)

WARNINGS
       This module should never be used outside of a closed debug environment.
       The examples of the use_first_pass and try_first_pass options are obso‐
       lete for all other Solaris delivered PAM service modules

NOTES
       The interfaces in libpam() are MT-Safe only if each thread  within  the
       multi-threaded application uses its own PAM handle.

SunOS 5.11			  2 Feb 2010			 pam_sample(5)

Vote for polarhome