NAME | SYNOPSIS | DESCRIPTION | ATTRIBUTES | SEE ALSO | NOTES
The projects service module for PAM, /usr/lib/security/pam_projects.so.1, provides functionality for the account management PAM module. The pam_projects.so.1 module is a shared object that can be dynamically loaded to provide the necessary functionality upon demand. Its path is specified in the PAM configuration file.
pam_projects.so.1 is designed to be stacked on top of the pam_unix.so.1 module for all services. This module is normally configured as “required”, implying that any user lacking a default project will be denied login.
The project account management component provides a function to perform account management, pam_sm_acct_mgmt(). This function uses the getdefaultproj(3EXACCT) library function (see getprojent(3EXACCT)) to retrieve the user's default project entry from the project(4) database. It then sets the project ID attribute of the calling process, using the settaskid(2) system call.
If the user does not belong to any project defined in the project(4) database, or if the settaskid() system call failed to set the project ID attribute of the calling process, the module will display an error message and will return error code PAM_PERM_DENIED.
See attributes(5) for description of the following attributes:
ATTRIBUTE TYPE | ATTRIBUTE VALUE |
---|---|
MT-Level | MT-Safe with exceptions |
settaskid(2), getprojent(3EXACCT), libpam(3LIB), pam(3PAM), pam_acct_mgmt(3PAM), pam.conf(4), project(4), attributes(5)
The interfaces listed above are MT-Safe only if each thread within the multi-threaded application uses its own PAM handle.
NAME | SYNOPSIS | DESCRIPTION | ATTRIBUTES | SEE ALSO | NOTES