DESCRIPTION
The pam_timestamp module caches successful tty-based authentication attempts by creating per-user directories and per-tty timestamp files in the common timestamp directory /var/run/tty_timestamps. On the next authentication, if the timestamp file exists and has not expired, the user is not asked for a password; otherwise the timestamp file is deleted and the user is prompted to enter a password.
The PAM items PAM_USER, PAM_AUSER and PAM_TTY are used by this module.
pam_timestamp is normally configured as sufficient and must be used in conjunction with the modules that support UNIX authentication, which are pam_authtok_get(5), pam_unix_cred(5) and pam_unix_auth(5). Proper authentication operation requires that pam_unix_cred(5) be stacked above pam_timestamp.
EXAMPLES
Example 1 Allowing su authentication
The following example is a pam.conf(4) fragment that illustrates default settings for allowing su(1M) authentication:
su auth required pam_unix_cred.so.1
su auth sufficient pam_timestamp.so.1
su auth requisite pam_authtok_get.so.1
su auth required pam_unix_auth.so.1
Example 2 Changing default timeout
The following fragment sets the timeout to 10 minutes:
su auth required pam_unix_cred.so.1
su auth sufficient pam_timestamp.so.1 timeout=10
su auth requisite pam_authtok_get.so.1
su auth required pam_unix_auth.so.1
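The stacking rules in DESCRIPTION can be checked mechanically. The following linter is an added example, not part of pam_timestamp or its distribution; the function names and the BAD sample are constructed for illustration, and it assumes the whitespace-separated pam.conf(4) line format used in the examples above.

```python
import re

# GOOD is Example 2 from this page; BAD is a constructed misordered stack.
GOOD = """\
su auth required pam_unix_cred.so.1
su auth sufficient pam_timestamp.so.1 timeout=10
su auth requisite pam_authtok_get.so.1
su auth required pam_unix_auth.so.1
"""
BAD = """\
su auth required pam_timestamp.so.1   # wrong flag, nothing above it
su auth requisite pam_authtok_get.so.1
su auth required pam_unix_cred.so.1
"""
UNIX_MODULES = ("pam_authtok_get", "pam_unix_cred", "pam_unix_auth")

def parse_auth_stacks(text):
    """Return {service: [(control_flag, module_name), ...]} for auth entries, in file order."""
    stacks = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 4 or fields[1] != "auth":
            continue
        service, flag, path = fields[0], fields[2], fields[3]
        # /usr/lib/security/pam_x.so.1 -> pam_x
        name = re.sub(r"\.so(\.\d+)?$", "", path.rsplit("/", 1)[-1])
        stacks.setdefault(service, []).append((flag, name))
    return stacks

def lint_timestamp(text):
    """Return findings for every service whose auth stack contains pam_timestamp."""
    findings = []
    for service, stack in parse_auth_stacks(text).items():
        names = [name for _, name in stack]
        if "pam_timestamp" not in names:
            continue
        idx = names.index("pam_timestamp")
        if stack[idx][0] != "sufficient":
            findings.append(f"{service}: pam_timestamp is '{stack[idx][0]}', normally 'sufficient'")
        if "pam_unix_cred" not in names[:idx]:
            findings.append(f"{service}: pam_unix_cred is not stacked above pam_timestamp")
        for mod in UNIX_MODULES:
            if mod not in names:
                findings.append(f"{service}: {mod} is missing from the stack")
    return findings

if __name__ == "__main__":
    for label, conf in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, lint_timestamp(conf) or "ok")
```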