Print this page
10229 Some man pages have incorrect cross-references
| Split |
Close |
| Expand all |
| Collapse all |
--- old/usr/src/man/man5/pam_timestamp.5
+++ new/usr/src/man/man5/pam_timestamp.5
1 1 .\"
2 2 .\" This file and its contents are supplied under the terms of the
3 3 .\" Common Development and Distribution License ("CDDL"), version 1.0.
4 4 .\" You may only use this file in accordance with the terms of version
5 5 .\" 1.0 of the CDDL.
6 6 .\"
7 7 .\" A full copy of the text of the CDDL should have accompanied this
8 8 .\" source. A copy of the CDDL is also available via the Internet at
9 9 .\" http://www.illumos.org/license/CDDL.
10 10 .\"
11 11 .\" Copyright 2014 Nexenta Systems, Inc.
12 12 .\"
13 13 .Dd Nov 26, 2017
14 14 .Dt PAM_TIMESTAMP 5
15 15 .Os
16 16 .Sh NAME
17 17 .Nm pam_timestamp
18 18 .Nd PAM authentication module using cached successful authentication attempts
19 19 .Sh SYNOPSIS
20 20 .Nm pam_timestamp.so.1
21 21 .Op Ar debug
22 22 .Op Ar timeout=min
23 23 .Sh DESCRIPTION
24 24 The
25 25 .Nm
26 26 module caches successful tty-based authentication attempts by
27 27 creating user's directories and per tty timestamp files in the
28 28 common timestamp directory
29 29 .Pa /var/run/tty_timestamps .
30 30 Next authentication, if the timestamp file exist and not expired,
31 31 the user will not be asked for a password, otherwise timestamp
32 32 file will be deleted and user will be prompted to enter a password.
33 33 .Lp
34 34 The PAM items
35 35 .Dv PAM_USER ,
36 36 .Dv PAM_AUSER
37 37 and
38 38 .Dv PAM_TTY
39 39 are used by this module.
40 40 .Sy pam_timestamp
41 41 is normally configured as
42 42 .Sy sufficient
43 43 and must be used in conjunction with the modules that support
44 44 the UNIX authentication, which are
45 45 .Xr pam_authtok_get 5 ,
46 46 .Xr pam_unix_cred 5
|
↓ open down ↓ |
46 lines elided |
↑ open up ↑ |
47 47 and
48 48 .Xr pam_unix_auth 5 .
49 49 Proper authentication operation requires
50 50 .Xr pam_unix_cred 5
51 51 be stacked above
52 52 .Nm .
53 53 .Sh OPTIONS
54 54 .Bl -tag -width Ds
55 55 .It Dv debug
56 56 Provides
57 -.Xr syslog 3
57 +.Xr syslog 3C
58 58 debugging information at the
59 59 .Sy LOG_AUTH | LOG_DEBUG
60 60 level.
61 61 .It Dv timeout
62 62 Specifies the period (in minutes) for which the timestamp file is valid.
63 63 The default value is 5 minutes.
64 64 .El
65 65 .Sh FILES
66 66 .Bl -tag -width indent
67 67 .It Pa /var/run/tty_timestamps/...
68 68 stores timestamp directories and files
69 69 .El
70 70 .Sh EXIT STATUS
71 71 .Bl -tag -width Ds
72 72 .It Dv PAM_SUCCESS
73 73 Timestamp file is not expired.
74 74 .It Dv PAM_IGNORE
75 75 The
76 76 .Nm
77 77 module was not able to retrieve required credentials
78 78 or timestamp file is expired or corrupt.
79 79 .El
80 80 .Sh EXAMPLES
81 81 .Ss Example 1 Allowing su authentication
82 82 .
83 83 The following example is a
84 84 .Xr pam.conf 4
85 85 fragment that illustrates default settings for allowing
86 86 .Xr su 1M
87 87 authentication:
88 88 .Bd -literal -offset indent
89 89 su auth required pam_unix_cred.so.1
90 90 su auth sufficient pam_timestamp.so.1
91 91 su auth requisite pam_authtok_get.so.1
92 92 su auth required pam_unix_auth.so.1
93 93 .Ed
94 94 .Ss Example 2 Changing default timeout
95 95 .
96 96 The default timeout set to 10 minutes:
97 97 .Bd -literal -offset indent
98 98 su auth required pam_unix_cred.so.1
99 99 su auth sufficient pam_timestamp.so.1 timeout=10
100 100 su auth requisite pam_authtok_get.so.1
101 101 su auth required pam_unix_auth.so.1
102 102 .Ed
103 103 .Sh INTERFACE STABILITY
104 104 .Sy Uncommitted .
105 105 .Sh MT LEVEL
106 106 .Sy MT-Safe .
107 107 .Sh SEE ALSO
108 108 .Xr su 1M ,
109 109 .Xr syslog 3C ,
110 110 .Xr pam 3PAM ,
111 111 .Xr pam_sm_authenticate 3PAM ,
112 112 .Xr pam_sm_setcred 3PAM ,
113 113 .Xr pam.conf 4
|
↓ open down ↓ |
46 lines elided |
↑ open up ↑ |
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX