|PAM_TSOL_ACCOUNT(7)||Standards, Environments, and Macros||PAM_TSOL_ACCOUNT(7)|
pam_tsol_account - PAM account management module for Trusted Extensions
The Trusted Extensions service module for PAM, pam_tsol_account.so.1, checks account limitations that are related to labels.
pam_tsol_account.so.1 contains a function to perform account management, pam_sm_acct_mgmt(3PAM). The function checks for the allowed label range for the user. The allowable label range is set by the defaults in the label_encodings(5) file. These defaults can be overridden by entries in the user_attr(5) database.
By default, this module requires that remote hosts connecting to the global zone must have a CIPSO host type. To disable this policy, add the allow_unlabeled keyword as an option to the entry in pam.conf(5), as in:
other account required pam_tsol_account allow_unlabeled
The following options can be passed to the module:
The following values are returned:
See attributes(7) for description of the following attributes:
|ATTRIBUTE TYPE||ATTRIBUTE VALUE|
|MT Level||MT-Safe with exceptions|
The interfaces in libpam(3LIB) are MT-Safe only if each thread within the multi-threaded application uses its own PAM handle.
The functionality described on this manual page is available only if the system is configured with Trusted Extensions.
|August 19, 2023||OmniOS|