Проект OpenNet: MAN pam_tsol_account (5) Форматы файлов (FreeBSD и Linux)

Интерактивная система просмотра системных руководств (man-ов)

pam_tsol_account (5)

>> pam_tsol_account (5) ( Solaris man: Форматы файлов )

NAME

pam_tsol_account - PAM account management module for Trusted Extensions

SYNOPSIS

/usr/lib/security/pam_tsol_account.so.1

DESCRIPTION

The Solaris Trusted Extensions service module for PAM, /usr/lib/security/pam_tsol_account.so.1, checks account limitations that are related to labels. The pam_tsol_account.so.1 module is a shared object that can be dynamically loaded to provide the necessary functionality upon demand. Its path is specified in the PAM configuration file.

pam_tsol_account.so.1 contains a function to perform account management, pam_sm_acct_mgmt(). The function checks for the allowed label range for the user. The allowable label range is set by the defaults in the label_encodings(4) file. These defaults can be overridden by entries in the user_attr(4) database.

By default, this module requires that remote hosts connecting to the global zone must have a CIPSO host type. To disable this policy, add the allow_unlabeled keyword as an option to the entry in pam.conf(4), as in:

other  account required    pam_tsol_account allow_unlabeled

OPTIONS

The following options can be passed to the module:

allow_unlabeled

: Allows remote connections from hosts with unlabeled template types.

debug

: Provides debugging information at the LOG_DEBUG level. See syslog(3C).

RETURN VALUES

The following values are returned:

PAM_SUCCESS

: The account is valid for use at this time and label.

PAM_PERM_DENIED

: The current process label is outside the user's label range, or the label information for the process is unavailable, or the remote host type is not valid.

Other values

: Returns an error code that is consistent with typical PAM operations. For information on error-related return values, see the pam(3PAM) man page.