GSP
Quick Navigator

Search Site

Unix VPS
A - Starter
B - Basic
C - Preferred
D - Commercial
MPS - Dedicated
Previous VPSs
* Sign Up! *

Support
Contact Us
Online Help
Handbooks
Domain Status
Man Pages

FAQ
Virtual Servers
Pricing
Billing
Technical

Network
Facilities
Connectivity
Topology Map

Miscellaneous
Server Agreement
Year 2038
Credits
 

USA Flag

 

 

Man Pages


Manual Reference Pages  -  PAM_PSEUDO (5)

NAME

pam_pseudo - PAM module for pseudo-user authentication

CONTENTS

Synopsis
Description
Options
Example
Bugs
Files
See Also
Author

SYNOPSIS

/usr/local/lib/security/pam_pseudo.so.1

DESCRIPTION

pam_pseudo is a shared library which gets dynamically loaded into the PAM framework. It provides authentication for pseudo-user accounts to PAM-aware applications.

The pam_pseudo module supports a local text file called /etc/pam_pseudo.map which maps local pseudo-user names to a list of real users allowed to access them. The file consists of lines of the format:
pseudo_user : real_user [...]
Text beginning with a ’#’ is ignored through the next newline. Blank lines and incomplete lines are also ignored.

OPTIONS

The pam_pseudo module accepts the optional argument unknown_user=disposition. This option tells the module what to do when it cannot read the /etc/pam_pseudo.map file or when the pseudo_user name is not found in the file.

There are three possible values for disposition:
fail The authentication will fail if the pseudo-user is not found in the /etc/pam_pseudo.map file.
succeed
  The authentication will succeed if the pseudo-user is not found in the /etc/pam_pseudo.map file.
ignore The authentication attempt will be ignored if the pseudo-user is not found in the /etc/pam_pseudo.map file.
If this option is not specified, the default behavior is for the authentication request to be denied.

EXAMPLE

A common practice for services with multiple administrators is to have a pseudo-user account under which the service is installed and runs. Each service administrator has their own login, but can su to the pseudo-user account using their own password.

To set this up, here’s what you’d put in /etc/pam.conf:
su auth sufficient /usr/local/lib/security/pam_pseudo.so.1 unknown_user=ignore
su auth required /usr/lib/security/pam_unix.so.1
Then, put the pseudo-user accounts in the /etc/pam_pseudo.map file:
# John Smith and Jane Doe allowed to become news
news : smith jdoe

BUGS

The pam_pseudo module only implements the functions for the "auth" module type (pam_sm_authenticate(3) and pam_sm_setcred(3)). The module does not implement functions for the "account", "session", and "password" module types.

FILES

/etc/pam_pseudo.map
/etc/pam.conf

SEE ALSO

pam(3), pam.conf(4)

AUTHOR

Mark D. Roth <roth@feep.net>
Search for    or go to Top of page |  Section 5 |  Main Index


University of Illinois PAM_PSEUDO (5) Aug 2001

Powered by GSP Visit the GSP FreeBSD Man Page Interface.
Output converted with manServer 1.07.