PAM_TSOL_ACCOUNT(7) | Standards, Environments, and Macros | PAM_TSOL_ACCOUNT(7) |
pam_tsol_account - PAM account management module for Trusted Extensions
pam_tsol_account.so.1
The Trusted Extensions service module for PAM, pam_tsol_account.so.1, checks account limitations that are related to labels.
pam_tsol_account.so.1 contains a function to perform account management, pam_sm_acct_mgmt(3PAM). The function checks for the allowed label range for the user. The allowable label range is set by the defaults in the label_encodings(5) file. These defaults can be overridden by entries in the user_attr(5) database.
By default, this module requires that remote hosts connecting to the global zone must have a CIPSO host type. To disable this policy, add the allow_unlabeled keyword as an option to the entry in pam.conf(5), as in:
other account required pam_tsol_account allow_unlabeled
The following options can be passed to the module:
allow_unlabeled
debug
The following values are returned:
PAM_SUCCESS
PAM_PERM_DENIED
Other values
See attributes(7) for description of the following attributes:
ATTRIBUTE TYPE | ATTRIBUTE VALUE |
Interface Stability | Committed |
MT Level | MT-Safe with exceptions |
The interfaces in libpam(3LIB) are MT-Safe only if each thread within the multi-threaded application uses its own PAM handle.
keylogin(1), syslog(3C), libpam(3LIB), pam(3PAM), pam_sm_acct_mgmt(3PAM), pam_start(3PAM), label_encodings(5), pam.conf(5), user_attr(5), attributes(7)
The functionality described on this manual page is available only if the system is configured with Trusted Extensions.
August 19, 2023 | OmniOS |