blob: 81f240b0560b15e9550088606ee6d321fbca5cd9 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
|
<!-- this file is included by pam_set_item and pam_get_item -->
<variablelist>
<varlistentry>
<term>PAM_SERVICE</term>
<listitem>
<para>
The service name (which identifies that PAM stack that
the PAM functions will use to authenticate the program).
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>PAM_USER</term>
<listitem>
<para>
The username of the entity under whose identity service
will be given. That is, following authentication,
<emphasis>PAM_USER</emphasis> identifies the local entity
that gets to use the service. Note, this value can be mapped
from something (eg., "anonymous") to something else (eg.
"guest119") by any module in the PAM stack. As such an
application should consult the value of
<emphasis>PAM_USER</emphasis> after each call to a PAM function.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>PAM_USER_PROMPT</term>
<listitem>
<para>
The string used when prompting for a user's name. The default
value for this string is a localized version of "login: ".
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>PAM_TTY</term>
<listitem>
<para>
The terminal name: prefixed by <filename>/dev/</filename> if
it is a device file; for graphical, X-based, applications the
value for this item should be the
<emphasis>$DISPLAY</emphasis> variable.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>PAM_RUSER</term>
<listitem>
<para>
The requesting user name: local name for a locally
requesting user or a remote user name for a remote
requesting user.
</para>
<para>
Generally an application or module will attempt to supply
the value that is most strongly authenticated (a local account
before a remote one. The level of trust in this value is
embodied in the actual authentication stack associated with
the application, so it is ultimately at the discretion of the
system administrator.
</para>
<para>
<emphasis>PAM_RUSER@PAM_RHOST</emphasis> should always identify
the requesting user. In some cases,
<emphasis>PAM_RUSER</emphasis> may be NULL. In such situations,
it is unclear who the requesting entity is.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>PAM_RHOST</term>
<listitem>
<para>
The requesting hostname (the hostname of the machine from
which the <emphasis>PAM_RUSER</emphasis> entity is requesting
service). That is <emphasis>PAM_RUSER@PAM_RHOST</emphasis>
does identify the requesting user. In some applications,
<emphasis>PAM_RHOST</emphasis> may be NULL. In such situations,
it is unclear where the authentication request is originating
from.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>PAM_AUTHTOK</term>
<listitem>
<para>
The authentication token (often a password). This token
should be ignored by all module functions besides
<citerefentry>
<refentrytitle>pam_sm_authenticate</refentrytitle><manvolnum>3</manvolnum>
</citerefentry> and
<citerefentry>
<refentrytitle>pam_sm_chauthtok</refentrytitle><manvolnum>3</manvolnum>
</citerefentry>.
In the former function it is used to pass the most recent
authentication token from one stacked module to another. In
the latter function the token is used for another purpose.
It contains the currently active authentication token.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>PAM_OLDAUTHTOK</term>
<listitem>
<para>
The old authentication token. This token should be ignored
by all module functions except
<citerefentry>
<refentrytitle>pam_sm_chauthtok</refentrytitle><manvolnum>3</manvolnum>
</citerefentry>.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>PAM_CONV</term>
<listitem>
<para>
The pam_conv structure. See
<citerefentry>
<refentrytitle>pam_conv</refentrytitle><manvolnum>3</manvolnum>
</citerefentry>.
</para>
</listitem>
</varlistentry>
</variablelist>
|