Man page or keyword search:   man All Sections 1 - General Commands 2 - System Calls 3 - Subroutines, Functions 4 - Special Files 5 - File Formats 6 - Games and Screensavers 7 - Macros and Conventions 8 - Maintenence Commands 9 - Kernel Interface New Commands Server 4.4BSD AIX Alpinelinux Archlinux Aros BSDOS BSDi Bifrost CentOS Cygwin Darwin Debian DigitalUNIX DragonFly ElementaryOS Fedora FreeBSD Gentoo GhostBSD HP-UX Haiku Hurd IRIX Inferno JazzOS Kali Knoppix LinuxMint MacOSX Mageia Mandriva Manjaro Minix MirBSD NeXTSTEP NetBSD OPENSTEP OSF1 OpenBSD OpenDarwin OpenIndiana OpenMandriva OpenServer OpenSuSE OpenVMS Oracle PC-BSD Peanut Pidora Plan9 QNX Raspbian RedHat Scientific Slackware SmartOS Solaris SuSE SunOS Syllable Tru64 UNIXv7 Ubuntu Ultrix UnixWare Xenix YellowDog aLinux   31559 pages apropos Keyword Search (all sections) Output format html ascii pdf view pdf save postscript

pam_unix(5)							   pam_unix(5)

NAME
       pam_unix	 -  authentication,  account, session, and password management
       PAM modules for UNIX

SYNOPSIS
       /usr/lib/security/pam_unix.so

DESCRIPTION
       The UNIX service module for  PAM,  /usr/lib/security/pam_unix.so,  pro‐
       vides  functionality  for all four PAM modules: The authentication mod‐
       ule, the account management module, the session management module,  and
       the  password  management  module.   The pam_unix.so module is a shared
       object that can be dynamically loaded to provide	 the  necessary	 func‐
       tionality  upon demand.	Its path is specified in the PAM configuration
       file.

Unix Authentication Module
       The UNIX authentication component  provides  functions  to  verify  the
       identity	 of  a	user, (pam_sm_authenticate()) and to set user specific
       credentials  (pam_sm_setcred()).	  pam_sm_authenticate()	 compares  the
       user  entered  password	with the password from UNIX password database.
       If the passwords match,	the  user  is  authenticated.	The  following
       options may be passed to the UNIX service module:

	      debug	     syslog(3)	 debugging  information	 at  LOG_DEBUG
			     level

	      nowarn	     turn off warning messages

	      use_first_pass It compares the password in the password database
			     with  the	user's	initial password (entered when
			     the user authenticated to the  first  authentica‐
			     tion  module  in the stack).  If the passwords do
			     not match, or if no password  has	been  entered,
			     quit  and	do not prompt the user for a password.
			     This option should only be used if the  authenti‐
			     cation  service  is designated as optional in the
			     pam.conf configuration file.

	      try_first_pass It compares the password in the password database
			     with  the	user's	initial password (entered when
			     the user authenticated to the  first  authentica‐
			     tion  module  in the stack).  If the passwords do
			     not match, or if no password  has	been  entered,
			     prompt the user for a password.

       The  pam_sm_setcred()  function	sets  user  specific credentials.  For
       UNIX, this is a NULL function.

Unix Account Management Module
       The UNIX account management component provides a	 function  to  perform
       account	management (pam_sm_acct_mgmt()).  The pam_sm_acct_mgmt() func‐
       tion retrieves the user's password entry from the UNIX  password	 data‐
       base  and  verifies  that  the  user's  account	and  password have not
       expired.	 The following option may be passed in	to  the	 UNIX  service
       module:

	      debug	     syslog(3)	 debugging  information	 at  LOG_DEBUG
			     level

	      nowarn	     turn off warning messages

Unix Session Management Module
       The UNIX session management component provides  functions  to  initiate
       (pam_sm_open_session())	and  terminate	(pam_sm_close_session())  UNIX
       sessions.  Currently for UNIX, these functions are empty.  The  follow‐
       ing option may be passed in to the UNIX service module:

	      debug	     syslog(3)	 debugging  information	 at  LOG_DEBUG
			     level

	      nowarn	     turn off warning messages

Unix Password Management Module
       The UNIX password management component provides a  function  to	change
       passwords (pam_sm_chauthtok()) in the UNIX password database.

       This  module  must  be required in pam.conf.  It can not be optional or
       sufficient.

       The following option may be passed in to the UNIX service module:

	      debug	     syslog(3)	debugging  information	at   LOG_DEBUG
			     level

	      nowarn	     turn off warning messages

	      use_first_pass It compares the password in the password database
			     with the user's  old  password  (entered  to  the
			     first  password  module  in  the  stack).	If the
			     passwords do not match, or	 if  no	 password  has
			     been entered, quit and do not prompt the user for
			     the old password.	It also attempts  to  use  the
			     new  password (entered to the first password mod‐
			     ule in the stack) as the new  password  for  this
			     module.   If  the new password fails, quit and do
			     not prompt the user for a new password.

	      try_first_pass It compares the password in the password database
			     with  the	user's	old  password  (entered to the
			     first password module  in	the  stack).   If  the
			     passwords	do  not	 match,	 or if no password has
			     been entered, prompt the user for the  old	 pass‐
			     word.   It	 also attempts to use the new password
			     (entered to the  first  password  module  in  the
			     stack)  as	 the new password for this module.  If
			     the new password fails, prompt the user for a new
			     password.

SEE ALSO
       pam(3), pam_authenticate(3), pam_setcred(3), syslog(3), pam.conf(4)

				19 October 1995			   pam_unix(5)

Vote for polarhome