This section lists selected PAM service modules. The modules are listed by their man page followed by a brief description of where and when they are used. For more information, read the man page.
For a list of all PAM service modules that Oracle Solaris provides, see section 5 of the man pages. New modules are added on a regular basis. For example, in this release, a number of modules are added for authentication with Windows systems. Your site might also add PAM modules from third parties.
Returns PAM_SUCCESS for all calls. See also the pam_deny(5) man page.
Validates the password token for password change.
Provides password prompting functionality to the PAM stack.
Updates the password token for PAM_USER.
Returns the module type default failure return code for all calls. See also the pam_allow(5) man page.
Provides functionality to two PAM services: Secure RPC authentication and Secure RPC authentication token management.
Provides functions to verify the identity of a Kerberos user and to manage the Kerberos credentials cache.
Helps to migrate PAM_USER to the client's local Kerberos realm.
Provides functionality for the PAM authentication and account management stacks by the configured LDAP directory server.
Provides functions to validate the user's account on this host. The validation is based on a list of users and netgroups on the host.
Provides authentication functionality to the password stack.
Enables a user to log in to a system by using an X.509 certificate and its dedicated private key that is stored in a PKCS#11 token.
Verifies that a user is authorized to assume a role and prevents direct login by a role.
Supports the changing or adding of SMB passwords for local Oracle Solaris users. See also the smb(4) man page.
Synchronizes passwords between Oracle Solaris clients and their CIFS/SMB servers.
Verifies Trusted Extensions account limitations that are related to labels.
Provides a mechanism for checking a ticket that was created by a prior successful authentication.
Provides functions to validate that the user's account is not locked or expired and that the user's password does not need to be changed.
Includes checks of access_times and access_tz.
Provides functions to verify that the password is the correct password for PAM_USER.
Provides functions that establish user credential information. It enables the authentication functionality to be replaced independently from the credential functionality.
Opens and closes a session, and also updates the /var/adm/lastlog file.
Calls a user-specific PAM configuration.
Provides functions to load and change the ZFS encryption passphrase for a user's encrypted home directory.