1 PAM_TIMESTAMP(5) Standards, Environments, and Macros PAM_TIMESTAMP(5) 2 3 NAME 4 pam_timestamp - PAM authentication module using cached successful 5 authentication attempts 6 7 SYNOPSIS 8 pam_timestamp.so.1 [debug] [timeout=min] 9 10 DESCRIPTION 11 The pam_timestamp module caches successful tty-based authentication 12 attempts by creating user's directories and per tty timestamp files in 13 the common timestamp directory /var/run/tty_timestamps. Next 14 authentication, if the timestamp file exist and not expired, the user 15 will not be asked for a password, otherwise timestamp file will be 16 deleted and user will be prompted to enter a password. 17 18 The PAM items PAM_USER, PAM_AUSER and PAM_TTY are used by this module. 19 pam_timestamp is normally configured as sufficient and must be used in 20 conjunction with the modules that support the UNIX authentication, which 21 are pam_authtok_get(5), pam_unix_cred(5) and pam_unix_auth(5). Proper 22 authentication operation requires pam_unix_cred(5) be stacked above 23 pam_timestamp. 24 25 OPTIONS 26 debug Provides syslog(3C) debugging information at the LOG_AUTH | 27 LOG_DEBUG level. 28 29 timeout 30 Specifies the period (in minutes) for which the timestamp file is 31 valid. The default value is 5 minutes. 32 33 FILES 34 /var/run/tty_timestamps/... 35 stores timestamp directories and files 36 37 EXIT STATUS 38 PAM_SUCCESS 39 Timestamp file is not expired. 40 41 PAM_IGNORE 42 The pam_timestamp module was not able to retrieve required 43 credentials or timestamp file is expired or corrupt. 44 45 EXAMPLES 46 Example 1 Allowing su authentication 47 The following example is a pam.conf(4) fragment that illustrates default 48 settings for allowing su(1M) authentication: 49 50 su auth required pam_unix_cred.so.1 51 su auth sufficient pam_timestamp.so.1 52 su auth requisite pam_authtok_get.so.1 53 su auth required pam_unix_auth.so.1 54 55 Example 2 Changing default timeout 56 The default timeout set to 10 minutes: 57 58 su auth required pam_unix_cred.so.1 59 su auth sufficient pam_timestamp.so.1 timeout=10 60 su auth requisite pam_authtok_get.so.1 61 su auth required pam_unix_auth.so.1 62 63 INTERFACE STABILITY 64 Uncommitted. 65 66 MT LEVEL 67 MT-Safe. 68 69 SEE ALSO 70 su(1M), syslog(3C), pam(3PAM), pam_sm_authenticate(3PAM), 71 pam_sm_setcred(3PAM), pam.conf(4) 72 73 illumos November 26, 2017 illumos