pam_tty_tickets(7) man page


Man page name


Standards, Environments, Macros, Character Sets, and miscellany

       pam_tty_tickets - PAM authentication module

SYNOPSIS [timeout=minutes] [sudo-compat] [debug]

       The pam_tty_tickets module provides a mechanism for checking a ticket
       that was created by a prior successful authentication. By default,
       tickets are valid for 5 minutes.

       The  default  ticket  location includes both the source (PAM_AUSER) and
       destination (PAM_USER) as well as the tty (PAM_TTY)  for  which  it  is

       The  module can be configured using the sudo-compat option to store the
       tickets in the same location  as  sudo,  though  use  of  sudo  is  not
       required to use this feature.

       The  pam_sm_setcred()  function  creates  a  ticket for the user in the
       tickets directory.

       The pam_sm_authenticate() function checks that the timestamp on the
       ticket is no older than the timeout value; if so, it returns PAM_SUCCESS.
       If it is older then the  ticket  is  removed  and  the  module  returns

       This module is intended to be placed in the auth stack with the
       sufficient control flag.
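
       The freshness check described for pam_sm_authenticate() above, as an
       added C example that is not the Solaris module's source. It assumes the
       ticket's age is taken from the file's modification time, uses
       hypothetical names (check_ticket, make_ticket, TICKET_VALID,
       TICKET_IGNORE), and adds owner, file-type and future-timestamp checks
       that this page does not describe.

```c
/* Added illustration, not the Solaris module's source; all names are hypothetical. */
#define _POSIX_C_SOURCE 200809L         /* declares lstat() under strict -std= modes */
#include <fcntl.h>
#include <sys/stat.h>
#include <time.h>
#include <unistd.h>
#include <utime.h>

/* Stand-ins for PAM_SUCCESS / PAM_IGNORE so that no PAM headers are needed. */
enum ticket_result { TICKET_VALID, TICKET_IGNORE };

/* timeout_min: validity in minutes; now: current time, passed in for testing. */
enum ticket_result check_ticket(const char *path, uid_t owner,
                                int timeout_min, time_t now)
{
    struct stat st;

    if (lstat(path, &st) != 0)          /* lstat: do not follow a planted symlink */
        return TICKET_IGNORE;           /* no ticket: the next module decides */
    if (!S_ISREG(st.st_mode) || st.st_uid != owner ||
        (st.st_mode & (S_IWGRP | S_IWOTH)))
        return TICKET_IGNORE;           /* wrong type or owner, or writable by others */
    if (st.st_mtime > now)
        return TICKET_IGNORE;           /* future timestamp: clock change or tampering */
    if (now - st.st_mtime > (time_t)timeout_min * 60) {
        unlink(path);                   /* older than the timeout: remove the ticket */
        return TICKET_IGNORE;
    }
    return TICKET_VALID;                /* no older than the timeout */
}

/* Create a constructed sample ticket whose mtime is age_sec seconds before now. */
int make_ticket(const char *path, long age_sec, time_t now)
{
    struct utimbuf tb = { now - age_sec, now - age_sec };
    int fd = open(path, O_CREAT | O_WRONLY | O_TRUNC, 0600);

    if (fd < 0)
        return -1;
    close(fd);
    return utime(path, &tb);
}
```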

       No messages are produced by this module using the PAM conversation
       function. Some messages are sent to syslog for error conditions, as
       well as messages at LOG_INFO for ticket validity checking.

       The following options can be passed to the module:

       debug          Debugging information is sent to syslog

       sudo-compat    The per-user (per-tty) tickets are stored in the same
                      location that sudo uses. When this option is set,
                      PAM_USER must be root; otherwise the module returns
                      PAM_IGNORE and tickets are not read or created.

       timeout        Validity time in minutes for a ticket. The default is  5

       Example 1 Using the Default Settings

       The  following  is  an  excerpt of a sample pam.conf configuration file
       that has per tty tickets with the default  time  out  (5  minutes)  for
       users authenticating with su(8):

         su auth required
         su auth sufficient
         su auth requisite
         su auth required
         su auth required

       Example 2 Changing the Default Settings

       The  following  example  changes the defaults so that tickets are valid
       for 10 minutes and uses the sudo location:

         su auth required
         su auth sufficient sudo-compat timeout=10
         su auth requisite
         su auth required
         su auth required

       PAM_SUCCESS    Ticket is valid

       PAM_IGNORE     All other cases


           Default ticket location.


           When sudo-compat is set, this file has the same format as those
           created by sudo.

       See attributes(7) for descriptions of the following attributes:

       ATTRIBUTE TYPE         ATTRIBUTE VALUE
       Interface Stability    See below.

       The syslog messages are Volatile. The module name, module options,  and
       ticket locations are Committed.

       pam(3PAM),  sudo(8),  pam_sm_authenticate(3PAM),  pam_sm_setcred(3PAM),
       attributes(7), su(8)

Oracle Solaris 11.4               25 Jul 2012               pam_tty_tickets(7)
Copyright in the man page content belongs to the man page authors.