PAM_TIMESTAMP(7) | Standards, Environments, and Macros | PAM_TIMESTAMP(7) |
pam_timestamp
—
PAM authentication module using cached successful
authentication attempts
pam_timestamp.so.1 |
[debug] [timeout=min] |
The pam_timestamp
module caches successful
tty-based authentication attempts by creating user's directories and per tty
timestamp files in the common timestamp directory
/var/run/tty_timestamps. Next authentication, if the
timestamp file exist and not expired, the user will not be asked for a
password, otherwise timestamp file will be deleted and user will be prompted
to enter a password.
The PAM items PAM_USER
,
PAM_AUSER
and PAM_TTY
are
used by this module.
pam_timestamp
is normally configured as
sufficient
and must be used in conjunction with the modules that support the UNIX
authentication, which are
pam_authtok_get(7),
pam_unix_cred(7) and
pam_unix_auth(7). Proper
authentication operation requires
pam_unix_cred(7) be stacked
above pam_timestamp
.
debug
timeout
PAM_SUCCESS
PAM_IGNORE
pam_timestamp
module was not able to retrieve
required credentials or timestamp file is expired or corrupt.The following example is a pam.conf(5) fragment that illustrates default settings for allowing su(8) authentication:
su auth required pam_unix_cred.so.1 su auth sufficient pam_timestamp.so.1 su auth requisite pam_authtok_get.so.1 su auth required pam_unix_auth.so.1
The default timeout set to 10 minutes:
su auth required pam_unix_cred.so.1 su auth sufficient pam_timestamp.so.1 timeout=10 su auth requisite pam_authtok_get.so.1 su auth required pam_unix_auth.so.1
syslog(3C), pam(3PAM), pam_sm_authenticate(3PAM), pam_sm_setcred(3PAM), pam.conf(5), su(8)
November 26, 2017 | OmniOS |