blob: 59ddcd65a8f73cb6e52b202c86a5e289dd1fe977 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
|
'\" t
.\" Title: pam_timestamp
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
.\" Date: 06/08/2020
.\" Manual: Linux-PAM Manual
.\" Source: Linux-PAM Manual
.\" Language: English
.\"
.TH "PAM_TIMESTAMP" "8" "06/08/2020" "Linux-PAM Manual" "Linux\-PAM Manual"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
pam_timestamp \- Authenticate using cached successful authentication attempts
.SH "SYNOPSIS"
.HP \w'\fBpam_timestamp\&.so\fR\ 'u
\fBpam_timestamp\&.so\fR [timestampdir=\fIdirectory\fR] [timestamp_timeout=\fInumber\fR] [verbose] [debug]
.SH "DESCRIPTION"
.PP
In a nutshell,
\fIpam_timestamp\fR
caches successful authentication attempts, and allows you to use a recent successful attempt as the basis for authentication\&. This is similar mechanism which is used in
\fBsudo\fR\&.
.PP
When an application opens a session using
\fIpam_timestamp\fR, a timestamp file is created in the
\fItimestampdir\fR
directory for the user\&. When an application attempts to authenticate the user, a
\fIpam_timestamp\fR
will treat a sufficiently recent timestamp file as grounds for succeeding\&.
.SH "OPTIONS"
.PP
\fBtimestampdir=\fR\fB\fIdirectory\fR\fR
.RS 4
Specify an alternate directory where
\fIpam_timestamp\fR
creates timestamp files\&.
.RE
.PP
\fBtimestamp_timeout=\fR\fB\fInumber\fR\fR
.RS 4
How long should
\fIpam_timestamp\fR
treat timestamp as valid after their last modification date (in seconds)\&. Default is 300 seconds\&.
.RE
.PP
\fBverbose\fR
.RS 4
Attempt to inform the user when access is granted\&.
.RE
.PP
\fBdebug\fR
.RS 4
Turns on debugging messages sent to
\fBsyslog\fR(3)\&.
.RE
.SH "MODULE TYPES PROVIDED"
.PP
The
\fBauth\fR
and
\fBsession\fR
module types are provided\&.
.SH "RETURN VALUES"
.PP
PAM_AUTH_ERR
.RS 4
The module was not able to retrieve the user name or no valid timestamp file was found\&.
.RE
.PP
PAM_SUCCESS
.RS 4
Everything was successful\&.
.RE
.PP
PAM_SESSION_ERR
.RS 4
Timestamp file could not be created or updated\&.
.RE
.SH "NOTES"
.PP
Users can get confused when they are not always asked for passwords when running a given program\&. Some users reflexively begin typing information before noticing that it is not being asked for\&.
.SH "EXAMPLES"
.sp
.if n \{\
.RS 4
.\}
.nf
auth sufficient pam_timestamp\&.so verbose
auth required pam_unix\&.so
session required pam_unix\&.so
session optional pam_timestamp\&.so
.fi
.if n \{\
.RE
.\}
.SH "FILES"
.PP
/var/run/pam_timestamp/\&.\&.\&.
.RS 4
timestamp files and directories
.RE
.SH "SEE ALSO"
.PP
\fBpam_timestamp_check\fR(8),
\fBpam.conf\fR(5),
\fBpam.d\fR(5),
\fBpam\fR(8)
.SH "AUTHOR"
.PP
pam_timestamp was written by Nalin Dahyabhai\&.
|