| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208 |
- <?xml version="1.0" encoding='UTF-8'?>
- <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
- "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
- <refentry id="pam_timestamp">
- <refmeta>
- <refentrytitle>pam_timestamp</refentrytitle>
- <manvolnum>8</manvolnum>
- <refmiscinfo class="sectdesc">Linux-PAM Manual</refmiscinfo>
- </refmeta>
- <refnamediv id="pam_timestamp-name">
- <refname>pam_timestamp</refname>
- <refpurpose>Authenticate using cached successful authentication attempts</refpurpose>
- </refnamediv>
- <refsynopsisdiv>
- <cmdsynopsis id="pam_timestamp-cmdsynopsis">
- <command>pam_timestamp.so</command>
- <arg choice="opt">
- timestampdir=<replaceable>directory</replaceable>
- </arg>
- <arg choice="opt">
- timestamp_timeout=<replaceable>number</replaceable>
- </arg>
- <arg choice="opt">
- verbose
- </arg>
- <arg choice="opt">
- debug
- </arg>
- </cmdsynopsis>
- </refsynopsisdiv>
- <refsect1 id="pam_timestamp-description">
- <title>DESCRIPTION</title>
- <para>
- In a nutshell, <emphasis>pam_timestamp</emphasis> caches successful
- authentication attempts, and allows you to use a recent successful attempt as
- the basis for authentication. This is similar mechanism which is used in
- <command>sudo</command>.
- </para>
- <para>
- When an application opens a session using <emphasis>pam_timestamp</emphasis>,
- a timestamp file is created in the <emphasis>timestampdir</emphasis> directory
- for the user. When an application attempts to authenticate the user, a
- <emphasis>pam_timestamp</emphasis> will treat a sufficiently recent timestamp
- file as grounds for succeeding.
- </para>
- <para condition="openssl_hmac">
- The default encryption hash is taken from the
- <emphasis remap='B'>HMAC_CRYPTO_ALGO</emphasis> variable from
- <emphasis>/etc/login.defs</emphasis>.
- </para>
- </refsect1>
- <refsect1 id="pam_timestamp-options">
- <title>OPTIONS</title>
- <variablelist>
- <varlistentry>
- <term>
- <option>timestampdir=<replaceable>directory</replaceable></option>
- </term>
- <listitem>
- <para>
- Specify an alternate directory where
- <emphasis>pam_timestamp</emphasis> creates timestamp files.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>
- <option>timestamp_timeout=<replaceable>number</replaceable></option>
- </term>
- <listitem>
- <para>
- How long should <emphasis>pam_timestamp</emphasis>
- treat timestamp as valid after their
- last modification date (in seconds). Default is 300 seconds.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>
- <option>verbose</option>
- </term>
- <listitem>
- <para>
- Attempt to inform the user when access is granted.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>
- <option>debug</option>
- </term>
- <listitem>
- <para>
- Turns on debugging messages sent to <citerefentry>
- <refentrytitle>syslog</refentrytitle><manvolnum>3</manvolnum>
- </citerefentry>.
- </para>
- </listitem>
- </varlistentry>
- </variablelist>
- </refsect1>
- <refsect1 id="pam_timestamp-types">
- <title>MODULE TYPES PROVIDED</title>
- <para>
- The <option>auth</option> and <option>session</option>
- module types are provided.
- </para>
- </refsect1>
- <refsect1 id='pam_timestamp-return_values'>
- <title>RETURN VALUES</title>
- <variablelist>
- <varlistentry>
- <term>PAM_AUTH_ERR</term>
- <listitem>
- <para>
- The module was not able to retrieve the user name or
- no valid timestamp file was found.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PAM_SUCCESS</term>
- <listitem>
- <para>
- Everything was successful.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PAM_SESSION_ERR</term>
- <listitem>
- <para>
- Timestamp file could not be created or updated.
- </para>
- </listitem>
- </varlistentry>
- </variablelist>
- </refsect1>
- <refsect1 id='pam_timestamp-notes'>
- <title>NOTES</title>
- <para>
- Users can get confused when they are not always asked for passwords when
- running a given program. Some users reflexively begin typing information before
- noticing that it is not being asked for.
- </para>
- </refsect1>
- <refsect1 id='pam_timestamp-examples'>
- <title>EXAMPLES</title>
- <programlisting>
- auth sufficient pam_timestamp.so verbose
- auth required pam_unix.so
- session required pam_unix.so
- session optional pam_timestamp.so
- </programlisting>
- </refsect1>
- <refsect1 id="pam_timestamp-files">
- <title>FILES</title>
- <variablelist>
- <varlistentry>
- <term><filename>/var/run/pam_timestamp/...</filename></term>
- <listitem>
- <para>timestamp files and directories</para>
- </listitem>
- </varlistentry>
- </variablelist>
- </refsect1>
- <refsect1 id='pam_timestamp-see_also'>
- <title>SEE ALSO</title>
- <para>
- <citerefentry>
- <refentrytitle>pam_timestamp_check</refentrytitle><manvolnum>8</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>pam.conf</refentrytitle><manvolnum>5</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum>
- </citerefentry>,
- <citerefentry>
- <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
- </citerefentry>
- </para>
- </refsect1>
- <refsect1 id='pam_timestamp-author'>
- <title>AUTHOR</title>
- <para>
- pam_timestamp was written by Nalin Dahyabhai.
- </para>
- </refsect1>
- </refentry>
|
