NAME | SYNOPSIS | DESCRIPTION | ATTRIBUTES | SEE ALSO | NOTES
The projects service module for PAM, /usr/lib/security/pam_projects.so.1, provides functionality for the account management PAM module. The pam_projects.so.1 module is a shared object that can be dynamically loaded to provide the necessary functionality upon demand. Its path is specified in the PAM configuration file.
pam_projects.so.1 is designed to be stacked on top of the pam_unix_account.so.1 module for all services. This module is normally configured as "required", implying that any user lacking a default project will be denied login.
The project account management component provides a function to perform account management, pam_sm_acct_mgmt(). This function uses the getdefaultproj() function (see getprojent(3PROJECT)) to retrieve the user's default project entry from the project(4) database. It then sets the project ID attribute of the calling process, using the settaskid(2) system call.
If the user does not belong to any project defined in the project(4) database, or if the settaskid() system call failed to set the project ID attribute of the calling process, the module will display an error message and will return error code PAM_PERM_DENIED.
See attributes(5) for description of the following attributes:
ATTRIBUTE TYPE | ATTRIBUTE VALUE |
---|---|
MT-Level | MT-Safe with exceptions |
settaskid(2), getprojent(3PROJECT), libpam(3LIB), pam(3PAM), pam_acct_mgmt(3PAM), pam.conf(4), project(4), attributes(5)
, pam_authtok_check(5), pam_authtok_get(5), pam_authtok_store(5), pam_dhkeys(5), pam_passwd_auth(5), pam_unix(5), pam_unix_account(5), pam_unix_auth(5), pam_unix_session(5)
The interfaces in libpam(3LIB) are MT-Safe only if each thread within the multi-threaded application uses its own PAM handle.
The pam_unix(5) module might not be supported in a future release. Similar functionality is provided by pam_authtok_check(5), pam_authtok_get(5), pam_authtok_store(5), pam_dhkeys(5), pam_passwd_auth(5), pam_unix_account(5), pam_unix_auth(5), and pam_unix_session(5).
NAME | SYNOPSIS | DESCRIPTION | ATTRIBUTES | SEE ALSO | NOTES