pam_console man page on Oracle

Man page or keyword search:  
man Server   33470 pages
apropos Keyword Search (all sections)
Output format
Oracle logo
[printable version]

pam_console(8)		 System Administrator's Manual		pam_console(8)

       pam_console - determine user owning the system console

       session optional
       auth required

DESCRIPTION  is designed to give users at the physical console (vir‐
       tual terminals and local xdm-managed X sessions by default, but that is
       configurable)  capabilities  that they would not otherwise have, and to
       take those capabilities away when the are no longer logged  in  at  the
       console.	  It provides two main kinds of capabilities: file permissions
       and authentication.

       When a user logs in at the console  and	no  other  user	 is  currently
       logged  in  at  the  console, will run handler programs
       specified in the file /etc/security/console.handlers such  as  pam_con‐
       sole_apply   which  changes  permissions	 and  ownership	 of  files  as
       described in the file /etc/security/console.perms.  That user may  then
       log  in on other terminals that are considered part of the console, and
       as long as the user is still logged in at any one of  those  terminals,
       that  user  will own those devices.  When the user logs out of the last
       terminal, the console may be taken by the next user to log  in.	 Other
       users  who have logged in at the console during the time that the first
       user was logged in will not be given ownership of  the  devices	unless
       they  log  in on one of the terminals; having done so on any one termi‐
       nal, the next user will own those devices until he or  she  has	logged
       out  of	every terminal that is part of the physical console.  Then the
       race can start for the next user.  In practice, this is not a  problem;
       the physical console is not generally in use by many people at the same
       time, and just tries to do  the  right  thing  in	 weird

       When  an application attempts to authenticate the user and this user is
       already logged in at the console, checks	whether	 there
       is  a  file in /etc/security/console.apps/ directory with the same name
       as the application servicename, and if such a file exists,  authentica‐
       tion  succeeds. This way pam_console may be utilized to run some system
       applications (reboots, config tools) without root password, or to enter
       user password on the first system login only.

       debug  turns on debugging

	      gain  console  locks  and	 change	 permissions even if the TTY's
	      owner is not root.

	      tells to get the list of the handlers from a dif‐
	      ferent file than /etc/security/console.handlers

       auth sufficient
       auth required

       auth sufficient
       auth required
       session required
       session optional


       When pam_console "auth" is used for login services which provide possi‐
       bility of remote login, it is necessary to make	sure  the  application
       correctly sets PAM_RHOST variable, or to deny remote logins completely.
       Currently, /bin/login (invoked from telnetd) and gdm is OK, others  may
       be not.


       Let's  hope  not,  but if you find any, please report them via the "Bug
       Track" link at

       Michael K. Johnson <>
       Support of  console.handlers  and  other	 improvements  by  Tomas  Mraz

Red Hat				   2005/10/4			pam_console(8)

List of man pages available for Oracle

Copyright (c) for man pages and the logo by the respective OS vendor.

For those who want to learn more, the polarhome community provides shell access and support.

[legal] [privacy] [GNU] [policy] [cookies] [netiquette] [sponsors] [FAQ]
Polarhome, production since 1999.
Member of Polarhome portal.
Based on Fawad Halim's script.
Vote for polarhome
Free Shell Accounts :: the biggest list on the net