.\" Copyright (c) 2001 Mark R V Murray
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" $FreeBSD$
.\"
.Dd July 7, 2001
.Dt PAM_UNIX 8
.Os
.Sh NAME
.Nm pam_unix
.Nd UNIX PAM module
.Sh SYNOPSIS
.Op Ar service-name
.Ar module-type
.Ar control-flag
.Pa pam_unix
.Op Ar options
.Sh DESCRIPTION
The
.Ux
authentication service module for PAM,
.Nm
provides functionality for two PAM categories:
authentication
and account management.
In terms of the
.Ar module-type
parameter, they are the
.Dq Li auth
and
.Dq Li account
features.
It also provides a null function for session management.
.Ss Ux Ss Authentication Module
The
.Ux
authentication component
provides functions to verify the identity of a user
.Pq Fn pam_sm_authenticate ,
which obtains the relevant
.Xr passwd 5
entry.
It prompts the user for a password
and verifies that this is correct with
.Xr crypt 3 .
.Pp
The following options may be passed to the authentication module:
.Bl -tag -width ".Cm use_first_pass"
.It Cm debug
.Xr syslog 3
debugging information at
.Dv LOG_DEBUG
level.
.It Cm use_first_pass
If the authentication module
is not the first in the stack,
and a previous module
obtained the user's password,
that password is used
to authenticate the user.
If this fails,
the authentication module returns failure
without prompting the user for a password.
This option has no effect
if the authentication module
is the first in the stack,
or if no previous modules
obtained the user's password.
.It Cm try_first_pass
This option is similar to the
.Cm use_first_pass
option,
except that if the previously obtained password fails,
the user is prompted for another password.
.It Cm auth_as_self
This option will require the user
to authenticate themselves as the user
given by
.Xr getuid 2 ,
not as the account they are attempting to access.
This is primarily for services like
.Xr su 1 ,
where the user's ability to retype
their own password
might be deemed sufficient.
.It Cm nullok
If the password database
has no password
for the entity being authenticated,
then this option
will forgo password prompting,
and silently allow authentication to succeed.
.El
.Ss Ux Ss Account Management Module
The
.Ux
account management component
provides a function to perform account management,
.Fn pam_sm_acct_mgmt .
The function verifies
that the authenticated user
is allowed to log in to the local user account
by checking the password expiry date.
.Pp
The following options may be passed to the management module:
.Bl -tag -width ".Cm use_first_pass"
.It Cm debug
.Xr syslog 3
debugging information at
.Dv LOG_DEBUG
level.
.El
.Sh FILES
.Bl -tag -width ".Pa /etc/master.passwd" -compact
.It Pa /etc/master.passwd
default
.Ux
password database.
.El
.Sh SEE ALSO
.Xr passwd 1 ,
.Xr getuid 2 ,
.Xr crypt 3 ,
.Xr syslog 3 ,
.Xr pam.conf 5 ,
.Xr passwd 5 ,
.Xr pam 8
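.Sh EXAMPLES
The following Python script is an added example, not part of the original manual page or of the module's own code. It reads PAM configuration lines in the SYNOPSIS layout and reports pam_unix authentication entries that use nullok, use_first_pass where it has no effect, or auth_as_self.
Assumptions: the names parse, audit and SAMPLE are hypothetical, control flags are single words, and treating su as the only expected auth_as_self service is a review heuristic of this example.

```python
import os

def parse(line, service=None):
    """Return (service, module_type, control_flag, module, options) or None."""
    fields = line.split("#", 1)[0].split()
    if service is None and fields:   # pam.conf layout: service-name comes first
        service, fields = fields[0], fields[1:]
    if len(fields) < 3:
        return None
    module = os.path.basename(fields[2])
    if module.endswith(".so"):
        module = module[:-3]
    return service, fields[0], fields[1], module, fields[3:]

def audit(text, service=None):
    """Return (line_number, option, message) findings for pam_unix auth entries."""
    findings, seen_auth = [], set()   # seen_auth: services with an earlier auth module
    for lineno, line in enumerate(text.splitlines(), 1):
        entry = parse(line, service)
        if entry is None or entry[1] != "auth":
            continue
        svc, _, _, module, options = entry
        first = svc not in seen_auth
        seen_auth.add(svc)
        if module != "pam_unix":
            continue
        if "nullok" in options:
            findings.append((lineno, "nullok", "accounts with no password authenticate without a prompt"))
        if "use_first_pass" in options and first:
            findings.append((lineno, "use_first_pass", "no effect: pam_unix is first in the auth stack"))
        if "auth_as_self" in options and svc != "su":   # assumption: only su is expected
            findings.append((lineno, "auth_as_self", "caller's own password is checked, not the target account's"))
    return findings

# Constructed sample in pam.conf layout (service-name first); not from a real system.
SAMPLE = """\
# service  type     control     module      options
login      auth     required    pam_unix    nullok
login      account  required    pam_unix
ftpd       auth     required    pam_unix    use_first_pass
su         auth     sufficient  pam_rootok
su         auth     required    pam_unix    try_first_pass auth_as_self
sshd       auth     required    pam_unix    auth_as_self debug
"""

if __name__ == "__main__":
    for lineno, option, message in audit(SAMPLE):
        print(f"line {lineno}: {option}: {message}")
```

For a per-service file that omits the service-name field, pass the service name as the second argument to audit.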