1 PAM_TIMESTAMP(5)      Standards, Environments, and Macros     PAM_TIMESTAMP(5)
   2 
   3 NAME
   4      pam_timestamp - PAM authentication module using cached successful
   5      authentication attempts
   6 
   7 SYNOPSIS
   8      pam_timestamp.so.1 [debug] [timeout=min]
   9 
  10 DESCRIPTION
  11      The pam_timestamp module caches successful tty-based authentication
  12      attempts by creating user's directories and per tty timestamp files in
  13      the common timestamp directory /var/run/tty_timestamps.  Next
  14      authentication, if the timestamp file exist and not expired, the user
  15      will not be asked for a password, otherwise timestamp file will be
  16      deleted and user will be prompted to enter a password.
  17 
  18      The PAM items PAM_USER, PAM_AUSER and PAM_TTY are used by this module.
  19      pam_timestamp is normally configured as sufficient and must be used in
  20      conjunction with the modules that support the UNIX authentication, which
  21      are pam_authtok_get(5), pam_unix_cred(5) and pam_unix_auth(5).  Proper
  22      authentication operation requires pam_unix_cred(5) be stacked above
  23      pam_timestamp.
  24 
  25 OPTIONS
  26      debug   Provides syslog(3C) debugging information at the LOG_AUTH |
  27              LOG_DEBUG level.
  28 
  29      timeout
  30              Specifies the period (in minutes) for which the timestamp file is
  31              valid.  The default value is 5 minutes.
  32 
  33 FILES
  34      /var/run/tty_timestamps/...
  35              stores timestamp directories and files
  36 
  37 EXIT STATUS
  38      PAM_SUCCESS
  39              Timestamp file is not expired.
  40 
  41      PAM_IGNORE
  42              The pam_timestamp module was not able to retrieve required
  43              credentials or timestamp file is expired or corrupt.
  44 
  45 EXAMPLES
  46    Example 1 Allowing su authentication
  47      The following example is a pam.conf(4) fragment that illustrates default
  48      settings for allowing su(1M) authentication:
  49 
  50            su  auth required       pam_unix_cred.so.1
  51            su  auth sufficient     pam_timestamp.so.1
  52            su  auth requisite      pam_authtok_get.so.1
  53            su  auth required       pam_unix_auth.so.1
  54 
  55    Example 2 Changing default timeout
  56      The default timeout set to 10 minutes:
  57 
  58            su  auth required       pam_unix_cred.so.1
  59            su  auth sufficient     pam_timestamp.so.1      timeout=10
  60            su  auth requisite      pam_authtok_get.so.1
  61            su  auth required       pam_unix_auth.so.1
  62 
  63 INTERFACE STABILITY
  64      Uncommitted.
  65 
  66 MT LEVEL
  67      MT-Safe.
  68 
  69 SEE ALSO
  70      su(1M), syslog(3C), pam(3PAM), pam_sm_authenticate(3PAM),
  71      pam_sm_setcred(3PAM), pam.conf(4)
  72 
  73 illumos                        November 26, 2017                       illumos