PAM_TIMESTAMP(7) Standards, Environments, and Macros PAM_TIMESTAMP(7)
NAME
pam_timestamp - PAM authentication module using cached successful
authentication attempts
SYNOPSIS
pam_timestamp.so.1 [
debug] [
timeout=min]
DESCRIPTION
The
pam_timestamp module caches successful tty-based authentication
attempts by creating user's directories and per tty timestamp files in
the common timestamp directory
/var/run/tty_timestamps. Next
authentication, if the timestamp file exist and not expired, the user
will not be asked for a password, otherwise timestamp file will be
deleted and user will be prompted to enter a password.
The PAM items PAM_USER, PAM_AUSER and PAM_TTY are used by this module.
pam_timestamp is normally configured as
sufficient and must be used in
conjunction with the modules that support the UNIX authentication,
which are
pam_authtok_get(7),
pam_unix_cred(7) and
pam_unix_auth(7).
Proper authentication operation requires
pam_unix_cred(7) be stacked
above
pam_timestamp.
OPTIONS
debug Provides
syslog(3C) debugging information at the
LOG_AUTH |
LOG_DEBUG level.
timeout
Specifies the period (in minutes) for which the timestamp file
is valid. The default value is 5 minutes.
FILES
/var/run/tty_timestamps/... stores timestamp directories and files
EXIT STATUS
PAM_SUCCESS
Timestamp file is not expired.
PAM_IGNORE
The
pam_timestamp module was not able to retrieve required
credentials or timestamp file is expired or corrupt.
EXAMPLES
Example 1 Allowing su authentication The following example is a
pam.conf(5) fragment that illustrates
default settings for allowing
su(8) authentication:
su auth required pam_unix_cred.so.1
su auth sufficient pam_timestamp.so.1
su auth requisite pam_authtok_get.so.1
su auth required pam_unix_auth.so.1
Example 2 Changing default timeout The default timeout set to 10 minutes:
su auth required pam_unix_cred.so.1
su auth sufficient pam_timestamp.so.1 timeout=10
su auth requisite pam_authtok_get.so.1
su auth required pam_unix_auth.so.1
INTERFACE STABILITY
Uncommitted.
MT LEVEL
MT-Safe.
SEE ALSO
syslog(3C),
pam(3PAM),
pam_sm_authenticate(3PAM),
pam_sm_setcred(3PAM),
pam.conf(5),
su(8)illumos November 26, 2017 illumos
