pam_unix(5)
12 September 1995
NAME
pam_unix − authentication, account, session, and password management PAM modules for UNIX
SYNOPSIS
/usr/lib/security/libpam_unix.1
DESCRIPTION
The UNIX service module for PAM, /usr/lib/security/libpam_unix.1, provides functionality for all four PAM modules: the authentication module, the account management module, the session management module, and the password management module. The libpam_unix.1 module is a shared object that can be dynamically loaded to provide the necessary functionality on demand. Its path is specified in the PAM configuration file. The system administrator determines the policy and must be careful to specify the correct modules in the pam.conf file.
Unix Authentication Module
The UNIX authentication component provides functions to verify the identity of a user and to set user-specific credentials. The Unix Authentication Module authenticates a user by comparing the password the user entered with the password from the UNIX password database. If the passwords match, the user is authenticated. The following options may be passed to the UNIX service module:
debug           syslog(3) debugging information at LOG_DEBUG level
nowarn          turn off warning messages
use_first_pass  It compares the password in the password database with the user’s initial password (entered when the user authenticated to the first authentication module in the stack). If the passwords do not match, or if no password has been entered, quit and do not prompt the user for a password. This option should only be used if the authentication service is designated as optional in the pam.conf configuration file.
try_first_pass  It compares the password in the password database with the user’s initial password (entered when the user authenticated to the first authentication module in the stack). If the passwords do not match, or if no password has been entered, prompt the user for a password.
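The following check is an added example, not part of the original manual page or of HP-UX. It lints the auth entries of a pam.conf file against the use_first_pass rules described above. It assumes the pam.conf(4) field order service, module_type, control_flag, module_path, options; the sample file is constructed and libpam_first.1 is a hypothetical module name.

```python
# Added example: lint pam.conf auth stacks against the use_first_pass rules above.
# Assumed pam.conf(4) field order: service module_type control_flag module_path [options]

# Constructed sample; libpam_first.1 is a hypothetical first module in the stack.
SAMPLE_PAM_CONF = """\
# service type control   module_path                      options
login   auth  required  /usr/lib/security/libpam_first.1
login   auth  required  /usr/lib/security/libpam_unix.1 use_first_pass
ftp     auth  optional  /usr/lib/security/libpam_unix.1 use_first_pass
su      auth  required  /usr/lib/security/libpam_first.1
su      auth  optional  /usr/lib/security/libpam_unix.1 try_first_pass debug
"""


def parse_auth_entries(text):
    """Yield (lineno, service, control_flag, module_path, options) per auth line."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) >= 4 and fields[1] == "auth":
            yield lineno, fields[0], fields[2], fields[3], fields[4:]


def lint(text, module="libpam_unix.1"):
    """Return (lineno, service, message) for each risky use_first_pass entry."""
    findings = []
    stack_depth = {}  # service -> auth modules already seen in that stack
    for lineno, service, flag, path, opts in parse_auth_entries(text):
        position = stack_depth.get(service, 0)
        stack_depth[service] = position + 1
        if not path.endswith("/" + module) or "use_first_pass" not in opts:
            continue
        if flag != "optional":
            # The page says use_first_pass belongs only on entries marked optional.
            findings.append((lineno, service,
                             "use_first_pass with control flag %r, not optional" % flag))
        if position == 0:
            # No earlier module has collected a password to reuse.
            findings.append((lineno, service,
                             "use_first_pass on the first auth module in the stack"))
    return findings


if __name__ == "__main__":
    for lineno, service, message in lint(SAMPLE_PAM_CONF):
        print("line %d (%s): %s" % (lineno, service, message))
```
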
Unix Account Management Module
The UNIX account management component provides a function to perform account management. The account management component retrieves the user’s password entry from the UNIX password database and verifies that the user’s account and password have not expired. The following option may be passed in to the UNIX service module:
debug           syslog(3) debugging information at LOG_DEBUG level
Unix Session Management Module
The UNIX session management component provides functions to initiate and terminate UNIX sessions. Currently for UNIX, these functions are empty. The following option may be passed in to the UNIX service module:
debug           syslog(3) debugging information at LOG_DEBUG level
Unix Password Management Module
The UNIX password management component provides functions to change passwords. These functions all retrieve the UNIX password entry from the UNIX password database and set or retrieve the necessary components within the entry (such as the value of the UNIX password). The following option may be passed in to the UNIX service module:
debug           syslog(3) debugging information at LOG_DEBUG level
SEE ALSO
pam(3), syslog(3), pam.conf(4)
Hewlett-Packard Company — HP-UX 10.20 April 1996