PAM_TIMESTAMP(7) Standards, Environments, and Macros PAM_TIMESTAMP(7)
pam_timestamp - PAM authentication module using cached successful
authentication attempts
pam_timestamp.so.1 [debug] [timeout=min]
The pam_timestamp module caches successful tty-based authentication
attempts by creating user's directories and per tty timestamp files in
the common timestamp directory /var/run/tty_timestamps. Next
authentication, if the timestamp file exist and not expired, the user
will not be asked for a password, otherwise timestamp file will be
deleted and user will be prompted to enter a password.
The PAM items PAM_USER, PAM_AUSER and PAM_TTY are used by this module.
pam_timestamp is normally configured as sufficient and must be used in
conjunction with the modules that support the UNIX authentication,
which are pam_authtok_get(7), pam_unix_cred(7) and pam_unix_auth(7).
Proper authentication operation requires pam_unix_cred(7) be stacked
above pam_timestamp.
debug Provides syslog(3C) debugging information at the LOG_AUTH |
LOG_DEBUG level.
timeout
Specifies the period (in minutes) for which the timestamp file
is valid. The default value is 5 minutes.
/var/run/tty_timestamps/...
stores timestamp directories and files
PAM_SUCCESS
Timestamp file is not expired.
PAM_IGNORE
The pam_timestamp module was not able to retrieve required
credentials or timestamp file is expired or corrupt.
Example 1 Allowing su authentication
The following example is a pam.conf(5) fragment that illustrates
default settings for allowing su(8) authentication:
su auth required pam_unix_cred.so.1
su auth sufficient pam_timestamp.so.1
su auth requisite pam_authtok_get.so.1
su auth required pam_unix_auth.so.1
Example 2 Changing default timeout
The default timeout set to 10 minutes:
su auth required pam_unix_cred.so.1
su auth sufficient pam_timestamp.so.1 timeout=10
su auth requisite pam_authtok_get.so.1
su auth required pam_unix_auth.so.1
Uncommitted.
MT-Safe.
syslog(3C), pam(3PAM), pam_sm_authenticate(3PAM), pam_sm_setcred(3PAM),
pam.conf(5), su(8)
illumos November 26, 2017 illumos
NAME
pam_timestamp - PAM authentication module using cached successful
authentication attempts
SYNOPSIS
pam_timestamp.so.1 [debug] [timeout=min]
DESCRIPTION
The pam_timestamp module caches successful tty-based authentication
attempts by creating user's directories and per tty timestamp files in
the common timestamp directory /var/run/tty_timestamps. Next
authentication, if the timestamp file exist and not expired, the user
will not be asked for a password, otherwise timestamp file will be
deleted and user will be prompted to enter a password.
The PAM items PAM_USER, PAM_AUSER and PAM_TTY are used by this module.
pam_timestamp is normally configured as sufficient and must be used in
conjunction with the modules that support the UNIX authentication,
which are pam_authtok_get(7), pam_unix_cred(7) and pam_unix_auth(7).
Proper authentication operation requires pam_unix_cred(7) be stacked
above pam_timestamp.
OPTIONS
debug Provides syslog(3C) debugging information at the LOG_AUTH |
LOG_DEBUG level.
timeout
Specifies the period (in minutes) for which the timestamp file
is valid. The default value is 5 minutes.
FILES
/var/run/tty_timestamps/...
stores timestamp directories and files
EXIT STATUS
PAM_SUCCESS
Timestamp file is not expired.
PAM_IGNORE
The pam_timestamp module was not able to retrieve required
credentials or timestamp file is expired or corrupt.
EXAMPLES
Example 1 Allowing su authentication
The following example is a pam.conf(5) fragment that illustrates
default settings for allowing su(8) authentication:
su auth required pam_unix_cred.so.1
su auth sufficient pam_timestamp.so.1
su auth requisite pam_authtok_get.so.1
su auth required pam_unix_auth.so.1
Example 2 Changing default timeout
The default timeout set to 10 minutes:
su auth required pam_unix_cred.so.1
su auth sufficient pam_timestamp.so.1 timeout=10
su auth requisite pam_authtok_get.so.1
su auth required pam_unix_auth.so.1
INTERFACE STABILITY
Uncommitted.
MT LEVEL
MT-Safe.
SEE ALSO
syslog(3C), pam(3PAM), pam_sm_authenticate(3PAM), pam_sm_setcred(3PAM),
pam.conf(5), su(8)
illumos November 26, 2017 illumos