Manual Reference Pages - PAM_PSEUDO (5)
pam_pseudo - PAM module for pseudo-user authentication
pam_pseudo is a shared library which gets dynamically loaded into the PAM
framework. It provides authentication for pseudo-user accounts to
pam_pseudo module supports a local text file called
/etc/pam_pseudo.map which maps local pseudo-user names to a list of real users allowed to
access them. The file consists of lines of the format:
Text beginning with a # is ignored through the next newline.
Blank lines and incomplete lines are also ignored.
pseudo_user : real_user [...]
pam_pseudo module accepts the optional argument
unknown_user=disposition. This option tells the module what to do when it cannot read the
/etc/pam_pseudo.map file or when the
pseudo_user name is not found in the file.
There are three possible values for
If this option is not specified, the default behavior is for the
authentication request to be denied.
The authentication will fail if the pseudo-user is not found in the
The authentication will succeed if the pseudo-user is not found in the
The authentication attempt will be ignored if the pseudo-user is not found
A common practice for services with multiple administrators is to
have a pseudo-user account under which the service is installed and
runs. Each service administrator has their own login, but can su to the
pseudo-user account using their own password.
To set this up, heres what youd put in
su auth sufficient /usr/local/lib/security/pam_pseudo.so.1 unknown_user=ignore
su auth required /usr/lib/security/pam_unix.so.1
Then, put the pseudo-user accounts in the
# John Smith and Jane Doe allowed to become news
news : smith jdoe
pam_pseudo module only implements the functions for the "auth"
module type (pam_sm_authenticate(3) and pam_sm_setcred(3)).
The module does not implement functions for the "account", "session",
and "password" module types.
Mark D. Roth <email@example.com>
|University of Illinois ||PAM_PSEUDO (5) ||Aug 2001 |
Visit the GSP FreeBSD Man Page Interface.
Output converted with manServer 1.07.