summaryrefslogtreecommitdiffstats
path: root/modules/pam_timestamp/pam_timestamp.8.xml
diff options
context:
space:
mode:
Diffstat (limited to 'modules/pam_timestamp/pam_timestamp.8.xml')
-rw-r--r--modules/pam_timestamp/pam_timestamp.8.xml208
1 files changed, 208 insertions, 0 deletions
diff --git a/modules/pam_timestamp/pam_timestamp.8.xml b/modules/pam_timestamp/pam_timestamp.8.xml
new file mode 100644
index 0000000..83e5aea
--- /dev/null
+++ b/modules/pam_timestamp/pam_timestamp.8.xml
@@ -0,0 +1,208 @@
+<?xml version="1.0" encoding='UTF-8'?>
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
+ "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
+
+<refentry id="pam_timestamp">
+
+ <refmeta>
+ <refentrytitle>pam_timestamp</refentrytitle>
+ <manvolnum>8</manvolnum>
+ <refmiscinfo class="sectdesc">Linux-PAM Manual</refmiscinfo>
+ </refmeta>
+
+ <refnamediv id="pam_timestamp-name">
+ <refname>pam_timestamp</refname>
+ <refpurpose>Authenticate using cached successful authentication attempts</refpurpose>
+ </refnamediv>
+
+ <refsynopsisdiv>
+ <cmdsynopsis id="pam_timestamp-cmdsynopsis">
+ <command>pam_timestamp.so</command>
+ <arg choice="opt">
+ timestampdir=<replaceable>directory</replaceable>
+ </arg>
+ <arg choice="opt">
+ timestamp_timeout=<replaceable>number</replaceable>
+ </arg>
+ <arg choice="opt">
+ verbose
+ </arg>
+ <arg choice="opt">
+ debug
+ </arg>
+ </cmdsynopsis>
+ </refsynopsisdiv>
+
+ <refsect1 id="pam_timestamp-description">
+
+ <title>DESCRIPTION</title>
+
+ <para>
+ In a nutshell, <emphasis>pam_timestamp</emphasis> caches successful
+authentication attempts, and allows you to use a recent successful attempt as
+the basis for authentication. This is similar mechanism which is used in
+<command>sudo</command>.
+ </para>
+ <para>
+ When an application opens a session using <emphasis>pam_timestamp</emphasis>,
+a timestamp file is created in the <emphasis>timestampdir</emphasis> directory
+for the user. When an application attempts to authenticate the user, a
+<emphasis>pam_timestamp</emphasis> will treat a sufficiently recent timestamp
+file as grounds for succeeding.
+ </para>
+ <para condition="openssl_hmac">
+ The default encryption hash is taken from the
+ <emphasis remap='B'>HMAC_CRYPTO_ALGO</emphasis> variable from
+ <emphasis>/etc/login.defs</emphasis>.
+ </para>
+ </refsect1>
+
+ <refsect1 id="pam_timestamp-options">
+
+ <title>OPTIONS</title>
+ <variablelist>
+ <varlistentry>
+ <term>
+ <option>timestampdir=<replaceable>directory</replaceable></option>
+ </term>
+ <listitem>
+ <para>
+ Specify an alternate directory where
+ <emphasis>pam_timestamp</emphasis> creates timestamp files.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>
+ <option>timestamp_timeout=<replaceable>number</replaceable></option>
+ </term>
+ <listitem>
+ <para>
+ How long should <emphasis>pam_timestamp</emphasis>
+ treat timestamp as valid after their
+ last modification date (in seconds). Default is 300 seconds.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>
+ <option>verbose</option>
+ </term>
+ <listitem>
+ <para>
+ Attempt to inform the user when access is granted.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>
+ <option>debug</option>
+ </term>
+ <listitem>
+ <para>
+ Turns on debugging messages sent to <citerefentry>
+ <refentrytitle>syslog</refentrytitle><manvolnum>3</manvolnum>
+ </citerefentry>.
+ </para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </refsect1>
+
+ <refsect1 id="pam_timestamp-types">
+ <title>MODULE TYPES PROVIDED</title>
+ <para>
+ The <option>auth</option> and <option>session</option>
+ module types are provided.
+ </para>
+ </refsect1>
+
+ <refsect1 id='pam_timestamp-return_values'>
+ <title>RETURN VALUES</title>
+ <variablelist>
+ <varlistentry>
+ <term>PAM_AUTH_ERR</term>
+ <listitem>
+ <para>
+ The module was not able to retrieve the user name or
+ no valid timestamp file was found.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>PAM_SUCCESS</term>
+ <listitem>
+ <para>
+ Everything was successful.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>PAM_SESSION_ERR</term>
+ <listitem>
+ <para>
+ Timestamp file could not be created or updated.
+ </para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </refsect1>
+
+ <refsect1 id='pam_timestamp-notes'>
+ <title>NOTES</title>
+ <para>
+ Users can get confused when they are not always asked for passwords when
+running a given program. Some users reflexively begin typing information before
+noticing that it is not being asked for.
+ </para>
+ </refsect1>
+
+ <refsect1 id='pam_timestamp-examples'>
+ <title>EXAMPLES</title>
+ <programlisting>
+auth sufficient pam_timestamp.so verbose
+auth required pam_unix.so
+
+session required pam_unix.so
+session optional pam_timestamp.so
+ </programlisting>
+ </refsect1>
+
+ <refsect1 id="pam_timestamp-files">
+ <title>FILES</title>
+ <variablelist>
+ <varlistentry>
+ <term><filename>/var/run/pam_timestamp/...</filename></term>
+ <listitem>
+ <para>timestamp files and directories</para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </refsect1>
+
+ <refsect1 id='pam_timestamp-see_also'>
+ <title>SEE ALSO</title>
+ <para>
+ <citerefentry>
+ <refentrytitle>pam_timestamp_check</refentrytitle><manvolnum>8</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>pam.conf</refentrytitle><manvolnum>5</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
+ </citerefentry>
+ </para>
+ </refsect1>
+
+ <refsect1 id='pam_timestamp-author'>
+ <title>AUTHOR</title>
+ <para>
+ pam_timestamp was written by Nalin Dahyabhai.
+ </para>
+ </refsect1>
+
+</refentry>