pam_ksu man page on FreeBSD

Man page or keyword search:  
man Server   9747 pages
apropos Keyword Search (all sections)
Output format
FreeBSD logo
[printable version]

PAM_KSU(8)		  BSD System Manager's Manual		    PAM_KSU(8)

NAME
     pam_ksu — Kerberos 5 SU PAM module

SYNOPSIS
     [service-name] module-type control-flag pam_ksu [options]

DESCRIPTION
     The Kerberos 5 SU authentication service module for PAM, pam_ksu for only
     one PAM category: authentication.	In terms of the module-type parameter,
     this is the “auth” feature.  The module is specifically designed to be
     used with the su(1) utility.

   Kerberos 5 SU Authentication Module
     The Kerberos 5 SU authentication component provides functions to verify
     the identity of a user (pam_sm_authenticate()), and determine whether or
     not the user is authorized to obtain the privileges of the target
     account.  If the target account is “root”, then the Kerberos 5 principal
     used for authentication and authorization will be the “root” instance of
     the current user, e.g. “user/root@REAL.M”.	 Otherwise, the principal will
     simply be the current user's default principal, e.g. “user@REAL.M”.

     The user is prompted for a password if necessary.	Authorization is per‐
     formed by comparing the Kerberos 5 principal with those listed in the
     .k5login file in the target account's home directory (e.g. /root/.k5login
     for root).

     The following options may be passed to the authentication module:

     debug	     syslog(3) debugging information at LOG_DEBUG level.

     use_first_pass  If the authentication module is not the first in the
		     stack, and a previous module obtained the user's pass‐
		     word, that password is used to authenticate the user.  If
		     this fails, the authentication module returns failure
		     without prompting the user for a password.	 This option
		     has no effect if the authentication module is the first
		     in the stack, or if no previous modules obtained the
		     user's password.

     try_first_pass  This option is similar to the use_first_pass option,
		     except that if the previously obtained password fails,
		     the user is prompted for another password.

SEE ALSO
     su(1), syslog(3), pam.conf(5), pam(8)

BSD				 May 15, 2002				   BSD
[top]

List of man pages available for FreeBSD

Copyright (c) for man pages and the logo by the respective OS vendor.

For those who want to learn more, the polarhome community provides shell access and support.

[legal] [privacy] [GNU] [policy] [cookies] [netiquette] [sponsors] [FAQ]
Tweet
Polarhome, production since 1999.
Member of Polarhome portal.
Based on Fawad Halim's script.
...................................................................
Vote for polarhome
Free Shell Accounts :: the biggest list on the net