DragonFly On-Line Manual Pages

Search: Section:  

pam_pseudo(5)                   Authentication                   pam_pseudo(5)


NAME

       pam_pseudo - PAM module for pseudo-user authentication


SYNOPSIS

       /usr/local/lib/security/pam_pseudo.so.1


DESCRIPTION

       pam_pseudo is a shared library which gets dynamically loaded into the
       PAM framework.  It provides authentication for pseudo-user accounts to
       PAM-aware applications.

       The pam_pseudo module supports a local text file called
       /etc/pam_pseudo.map which maps local pseudo-user names to a list of
       real users allowed to access them.  The file consists of lines of the
       format:

              pseudo_user : real_user [...]

       Text beginning with a '#' is ignored through the next newline.  Blank
       lines and incomplete lines are also ignored.


OPTIONS

       The pam_pseudo module accepts the optional argument
       unknown_user=disposition.  This option tells the module what to do when
       it cannot read the /etc/pam_pseudo.map file or when the pseudo_user
       name is not found in the file.

       There are three possible values for disposition:

       fail   The authentication will fail if the pseudo-user is not found in
              the /etc/pam_pseudo.map file.

       succeed
              The authentication will succeed if the pseudo-user is not found
              in the /etc/pam_pseudo.map file.

       ignore The authentication attempt will be ignored if the pseudo-user is
              not found in the /etc/pam_pseudo.map file.

       If this option is not specified, the default behavior is for the
       authentication request to be denied.


EXAMPLE

       A common practice for services with multiple administrators is to have
       a pseudo-user account under which the service is installed and runs.
       Each service administrator has their own login, but can su to the
       pseudo-user account using their own password.

       To set this up, here's what you'd put in /etc/pam.conf:

              su auth sufficient /usr/local/lib/security/pam_pseudo.so.1
              unknown_user=ignore
              su auth required /usr/lib/security/pam_unix.so.1

       Then, put the pseudo-user accounts in the /etc/pam_pseudo.map file:

              # John Smith and Jane Doe allowed to become news
              news    : smith jdoe


BUGS

       The pam_pseudo module only implements the functions for the "auth"
       module type (pam_sm_authenticate(3) and pam_sm_setcred(3)).  The module
       does not implement functions for the "account", "session", and
       "password" module types.


FILES

       /etc/pam_pseudo.map
       /etc/pam.conf


SEE ALSO

       pam(3), pam.conf(4)


AUTHOR

       Mark D. Roth <roth@feep.net>

University of Illinois             Aug 2001                      pam_pseudo(5)

Search: Section: