pam_tsol_account man page on SunOS
Man page or keyword search:  
man Server   20652 pages
apropos Keyword Search (all sections)
Output format
SunOS logo
[printable version] 
pam_tsol_account(5)   Standards, Environments, and Macros  pam_tsol_account(5)

NAME
       pam_tsol_account - PAM account management module for Trusted Extensions

SYNOPSIS
       /usr/lib/security/pam_tsol_account.so.1

DESCRIPTION
       The  Solaris  Trusted Extensions service module for PAM, /usr/lib/secu‐
       rity/pam_tsol_account.so.1, checks account limitations that are related
       to labels. The pam_tsol_account.so.1 module is a shared object that can
       be dynamically loaded  to  provide  the	necessary  functionality  upon
       demand. Its path is specified in the PAM configuration file.

       pam_tsol_account.so.1  contains	a  function to perform account manage‐
       ment, pam_sm_acct_mgmt(). The function checks  for  the	allowed	 label
       range  for  the user.  The allowable label range is set by the defaults
       in the label_encodings(4) file. These defaults  can  be	overridden  by
       entries in the user_attr(4) database.

       By  default,  this  module requires that remote hosts connecting to the
       global zone must have a CIPSO host type. To disable  this  policy,  add
       the  allow_unlabeled  keyword as an option to the entry in pam.conf(4),
       as in:

	 other	account required    pam_tsol_account allow_unlabeled

OPTIONS
       The following options can be passed to the module:

       allow_unlabeled	  Allows remote connections from hosts with  unlabeled
			  template types.

       debug		  Provides  debugging  information  at	the  LOG_DEBUG
			  level. See syslog(3C).

RETURN VALUES
       The following values are returned:

       PAM_SUCCESS	  The account is valid for use at this time and label.

       PAM_PERM_DENIED	  The current process  label  is  outside  the	user's
			  label	 range,	 or  the  label	 information  for  the
			  process is unavailable, or the remote host  type  is
			  not valid.

       Other values	  Returns  an error code that is consistent with typi‐
			  cal PAM operations. For information on error-related
			  return values, see the pam(3PAM) man page.

ATTRIBUTES
       See attributes(5) for description of the following attributes:

       ┌─────────────────────────────┬─────────────────────────────┐
       │      ATTRIBUTE TYPE	     │	    ATTRIBUTE VALUE	   │
       ├─────────────────────────────┼─────────────────────────────┤
       │Interface Stability	     │Committed			   │
       ├─────────────────────────────┼─────────────────────────────┤
       │MT Level		     │MT-Safe with exceptions	   │
       └─────────────────────────────┴─────────────────────────────┘

       The  interfaces	in libpam(3LIB) are MT-Safe only if each thread within
       the multi-threaded application uses its own PAM handle.

SEE ALSO
       keylogin(1),    libpam(3LIB),	pam(3PAM),     pam_sm_acct_mgmt(3PAM),
       pam_start(3PAM),	    syslog(3C),	   label_encodings(4),	  pam.conf(4),
       user_attr(4), attributes(5)

       Chapter 17, Using PAM in System Administration Guide: Security Services

NOTES
       The functionality described on this manual page is  available  only  if
       the system is configured with Trusted Extensions.

SunOS 5.10			  20 Jul 2007		   pam_tsol_account(5)
[top]

List of man pages available for SunOS

Copyright (c) for man pages and the logo by the respective OS vendor.

For those who want to learn more, the polarhome community provides shell access and support.

[legal] [privacy] [GNU] [policy] [cookies] [netiquette] [sponsors] [FAQ]
Tweet
Polarhome, production since 1999.
Member of Polarhome portal.
Based on Fawad Halim's script.
....................................................................
Vote for polarhome
Free Shell Accounts :: the biggest list on the net