.\" Copyright (c) 2001 Mark R V Murray
.\" All rights reserved.
.\" Copyright (c) 2001 Networks Associates Technology, Inc.
.\" All rights reserved.
.\" This software was developed for the FreeBSD Project by ThinkSec AS and
.\" NAI Labs, the Security Research Division of Network Associates, Inc.
.\" under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the
.\" DARPA CHATS research program.
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\" 3. The name of the author may not be used to endorse or promote
.\" products derived from this software without specific prior written
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" $FreeBSD: src/lib/libpam/modules/pam_unix/pam_unix.8,v 1.11 2005/01/21 10:44:10 ru Exp $
.\" $DragonFly: src/lib/pam_module/pam_unix/pam_unix.8,v 1.1 2005/08/01 16:15:19 joerg Exp $
authentication service module for PAM,
provides functionality for two PAM categories:
and account management.
parameter, they are the
It also provides a null function for session management.
.Ss Ux Ss Authentication Module
authentication component
provides functions to verify the identity of a user
.Pq Fn pam_sm_authenticate ,
which obtains the relevant
It prompts the user for a password
and verifies that this is correct with
The following options may be passed to the authentication module:
.Bl -tag -width ".Cm use_first_pass"
debugging information at
If the authentication module
is not the first in the stack,
obtained the user's password,
to authenticate the user.
the authentication module returns failure
without prompting the user for a password.
This option has no effect
if the authentication module
is the first in the stack,
or if no previous modules
obtained the user's password.
.It Cm try_first_pass
This option is similar to the
except that if the previously obtained password fails,
the user is prompted for another password.
This option will require the user
to authenticate himself as the user
not as the account they are attempting to access.
This is primarily for services like
where the user's ability to retype
might be deemed sufficient.
If the password database
for the entity being authenticated,
will forgo password prompting,
and silently allow authentication to succeed.
Use only the local password database,
even if NIS is in use.
This will cause an authentication failure
if the system is configured
Use only the NIS password database.
This will cause an authentication failure
if the system is not configured
.Ss Ux Ss Account Management Module
account management component
provides a function to perform account management,
.Fn pam_sm_acct_mgmt .
The function verifies
that the authenticated user
is allowed to login to the local user account
by checking the password expiry date.
The following options may be passed to the management module:
.Bl -tag -width ".Cm use_first_pass"
debugging information at
.Ss Ux Ss Password Management Module
password management component
provides a function to perform account management,
.Fn pam_sm_chauthtok .
The following options may be passed to the password module:
.Bl -tag -width ".Cm use_first_pass"
debugging information at
suppress warning messages to the user.
These messages include
reasons why the user's
authentication attempt was declined.
forces the password module
to change a local password
in favour of a NIS one.
forces the password module
to change a NIS password
in favour of a local one.
.Bl -tag -width ".Pa /etc/master.passwd" -compact
.It Pa /etc/master.passwd
.Xr nsswitch.conf 5 ,
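Added example, not part of the original manual page or of the pam_unix source: a small audit of a PAM policy file for two authentication-module behaviours described above, the option that silently allows authentication when the account has no password, and use_first_pass on a module that is first in the stack, where it has no effect. The option name nullok does not appear in this excerpt and is assumed here as pam_unix's name for the empty-password option; the sample policy, pam_example.so and the function names are constructed for illustration.

```python
import os

# Constructed sample policy in "facility control module [options]" form.
SAMPLE = """\
# /etc/pam.d/example (constructed)
auth      required    pam_unix.so    use_first_pass nullok
auth      sufficient  pam_example.so
auth      required    pam_unix.so    try_first_pass
account   required    pam_unix.so
password  required    pam_unix.so
"""


def parse(text):
    """Yield (lineno, facility, control, module, options) for each policy line."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 3:
            continue  # blank line or comment
        facility, control, module = fields[:3]
        yield lineno, facility, control, os.path.basename(module), fields[3:]


def audit(text):
    """Return (lineno, message) findings for pam_unix auth entries."""
    findings = []
    auth_seen = 0  # auth entries (modules or includes) earlier in the stack
    for lineno, facility, _control, module, opts in parse(text):
        if facility != "auth":
            continue
        if module.startswith("pam_unix"):
            # Assumed option name: nullok (not visible in this excerpt).
            if "nullok" in opts:
                findings.append(
                    (lineno, "nullok: empty password succeeds without a prompt"))
            # The page states use_first_pass has no effect when the module
            # is first in the stack; the user is simply prompted as usual.
            if auth_seen == 0 and "use_first_pass" in opts:
                findings.append(
                    (lineno, "use_first_pass: no effect, first in the stack"))
        auth_seen += 1
    return findings


if __name__ == "__main__":
    for lineno, message in audit(SAMPLE):
        print(f"line {lineno}: {message}")
```
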