Man page or keyword search:   man All Sections 1 - General Commands 2 - System Calls 3 - Subroutines, Functions 4 - Special Files 5 - File Formats 6 - Games and Screensavers 7 - Macros and Conventions 8 - Maintenence Commands 9 - Kernel Interface New Commands Server 4.4BSD AIX Alpinelinux Archlinux Aros BSDOS BSDi Bifrost CentOS Cygwin Darwin Debian DigitalUNIX DragonFly ElementaryOS Fedora FreeBSD Gentoo GhostBSD HP-UX Haiku Hurd IRIX Inferno JazzOS Kali Knoppix LinuxMint MacOSX Mageia Mandriva Manjaro Minix MirBSD NeXTSTEP NetBSD OPENSTEP OSF1 OpenBSD OpenDarwin OpenIndiana OpenMandriva OpenServer OpenSuSE OpenVMS Oracle PC-BSD Peanut Pidora Plan9 QNX Raspbian RedHat Scientific Slackware SmartOS Solaris SuSE SunOS Syllable Tru64 UNIXv7 Ubuntu Ultrix UnixWare Xenix YellowDog aLinux   16655 pages apropos Keyword Search (all sections) Output format html ascii pdf view pdf save postscript

PAM_UNIX_AUTH(5)					      PAM_UNIX_AUTH(5)

NAME
       pam_unix_auth - PAM authentication module for UNIX

SYNOPSIS
       pam_unix_auth.so.1

DESCRIPTION
       The  pam_unix_auth  module implements pam_sm_authenticate(), which pro‐
       vides functionality to the PAM authentication stack. It provides	 func‐
       tions  that  use crypt(3C) to verify that the password contained in the
       PAM item PAM_AUTHTOK is the correct password for the user specified  in
       the item PAM_USER. If PAM_REPOSITORY is specified, then user's password
       is  fetched  from  that	repository.  Otherwise,	  the	default	  nss‐
       witch.conf(4) repository is searched for that user.

       For accounts in the name services which support automatic account lock‐
       ing, the account may be configured  to  be  automatically  locked  (see
       user_attr(4)  and policy.conf(4)) after multiple failed login attempts.
       For accounts that are configured for automatic locking, if  authentica‐
       tion failure is to be returned, the failed login counter is incremented
       upon each failure. If the  number  of  successive  failures  equals  or
       exceeds	RETRIES	 as  defined  in  login(1),  the account is locked and
       PAM_MAXTRIES is returned.  Currently, only the "files" repository  (see
       passwd(4) and shadow(4)) supports automatic account locking. A success‐
       ful authentication by this module clears the failed login  counter  and
       reports the number of failed attempts since the last successful authen‐
       tication.

       Authentication service modules  must  implement	both  pam_sm_authenti‐
       cate()  and  pam_sm_setcred().  To  allow the authentication portion of
       UNIX authentication to be replaced,  pam_sm_setcred()  in  this	module
       always	returns	  PAM_IGNORE.  This  module  should  be	 stacked  with
       pam_unix_cred(5) to ensure a successful return from pam_setcred(3PAM).

       The following options can be passed to the module:

       nowarn

	   Turn off warning messages.

       server_policy

	   If the account authority for the user, as specified by PAM_USER, is
	   a server, do not apply the UNIX policy from the passwd entry in the
	   name service switch.

       nolock

	   Regardless  of  the	automatic  account  locking  setting  for  the
	   account,  do	 not  lock  the account, increment or clear the failed
	   login count. The nolock option allows for exempting account locking
	   on a per service basis.

ERRORS
       The following error codes are returned from pam_sm_authenticate():

       PAM_AUTH_ERR

	   Authentication failure.

       PAM_BUF_ERR

	   Memory buffer error.

       PAM_IGNORE

	   Ignores module, not participating in result.

       PAM_MAXTRIES

	   Maximum number of retries exceeded.

       PAM_PERM_DENIED

	   Permission denied.

       PAM_SUCCESS

	   Successfully obtains authentication token.

       PAM_SYSTEM_ERR

	   System error.

       PAM_USER_UNKNOWN

	   No account present for user.

       The following error codes are returned from pam_sm_setcred():

       PAM_IGNORE

	   Ignores this module regardless of the control flag.

ATTRIBUTES
       See attributes(5) for descriptions of the following attributes:

       ┌────────────────────┬─────────────────────────┐
       │  ATTRIBUTE TYPE    │	  ATTRIBUTE VALUE     │
       ├────────────────────┼─────────────────────────┤
       │Interface Stability │ Committed		      │
       ├────────────────────┼─────────────────────────┤
       │MT Level	    │ MT-Safe with exceptions │
       └────────────────────┴─────────────────────────┘

SEE ALSO
       login(1),   passwd(1),  useradd(1M),  usermod(1M),  roleadd(1M),	 role‐
       mod(1M), crypt(3C),  libpam(3LIB),  pam(3PAM),  pam_authenticate(3PAM),
       pam_setcred(3PAM),  syslog(3C), pam.conf(4), passwd(4), policy.conf(4),
       nsswitch.conf(4),  shadow(4),  user_attr(4),  attributes(5),  pam_auth‐
       tok_check(5),  pam_authtok_get(5), pam_authtok_store(5), pam_dhkeys(5),
       pam_passwd_auth(5), pam_unix_account(5), pam_unix_session(5)

NOTES
       The interfaces in libpam(3LIB) are MT-Safe only if each	thread	within
       the multi-threaded application uses its own PAM handle.

       The pam_unix(5) module is no longer supported. Similar functionality is
       provided	  by   pam_authtok_check(5),   pam_authtok_get(5),   pam_auth‐
       tok_store(5),	pam_dhkeys(5),	 pam_passwd_auth(5),pam_setcred(3PAM),
       pam_unix_account(5), pam_unix_cred(5), pam_unix_session(5).

       If the PAM_REPOSITORY item_type is set and a service  module  does  not
       recognize  the  type,  the service module does not process any informa‐
       tion, and returns PAM_IGNORE. If the PAM_REPOSITORY  item_type  is  not
       set, a service module performs its default action.

				 Apr 23, 2008		      PAM_UNIX_AUTH(5)

Vote for polarhome