summaryrefslogtreecommitdiffstats
path: root/modules/pam_timestamp/README
blob: e1ed508aa70e02d853e7fba557e0a90b200bcb6c (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
pam_timestamp — Authenticate using cached successful authentication attempts

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

DESCRIPTION

In a nutshell, pam_timestamp caches successful authentication attempts, and
allows you to use a recent successful attempt as the basis for authentication.
This is similar mechanism which is used in sudo.

When an application opens a session using pam_timestamp, a timestamp file is
created in the timestampdir directory for the user. When an application
attempts to authenticate the user, a pam_timestamp will treat a sufficiently
recent timestamp file as grounds for succeeding.

The default encryption hash is taken from the HMAC_CRYPTO_ALGO variable from /
etc/login.defs.

OPTIONS

timestampdir=directory

    Specify an alternate directory where pam_timestamp creates timestamp files.

timestamp_timeout=number

    How long should pam_timestamp treat timestamp as valid after their last
    modification date (in seconds). Default is 300 seconds.

verbose

    Attempt to inform the user when access is granted.

debug

    Turns on debugging messages sent to syslog(3).

NOTES

Users can get confused when they are not always asked for passwords when
running a given program. Some users reflexively begin typing information before
noticing that it is not being asked for.

EXAMPLES

auth sufficient pam_timestamp.so verbose
auth required   pam_unix.so

session required pam_unix.so
session optional pam_timestamp.so


AUTHOR

pam_timestamp was written by Nalin Dahyabhai.