JavaScript is required to for searching.
Skip Navigation Links
Exit Print View
man pages section 5: Standards, Environments, and Macros     Oracle Solaris 11.1 Information Library
search filter icon
search icon

Document Information

Preface

Introduction

Standards, Environments, and Macros

acl(5)

ad(5)

advance(5)

adv_cap_1000fdx(5)

adv_cap_1000hdx(5)

adv_cap_100fdx(5)

adv_cap_100hdx(5)

adv_cap_10fdx(5)

adv_cap_10hdx(5)

adv_cap_asym_pause(5)

adv_cap_autoneg(5)

adv_cap_pause(5)

adv_rem_fault(5)

ANSI(5)

architecture(5)

ars(5)

ascii(5)

attributes(5)

audit_binfile(5)

audit_flags(5)

audit_remote(5)

audit_syslog(5)

availability(5)

brands(5)

C++(5)

C(5)

cancellation(5)

cap_1000fdx(5)

cap_1000hdx(5)

cap_100fdx(5)

cap_100hdx(5)

cap_10fdx(5)

cap_10hdx(5)

cap_asym_pause(5)

cap_autoneg(5)

cap_pause(5)

cap_rem_fault(5)

charmap(5)

compile(5)

condition(5)

crypt_bsdbf(5)

crypt_bsdmd5(5)

crypt_sha256(5)

crypt_sha512(5)

crypt_sunmd5(5)

crypt_unix(5)

CSI(5)

datasets(5)

device_clean(5)

dhcp(5)

dhcp_modules(5)

environ(5)

eqnchar(5)

extendedFILE(5)

extensions(5)

fedfs(5)

filesystem(5)

fmri(5)

fnmatch(5)

formats(5)

fsattr(5)

grub(5)

gss_auth_rules(5)

hal(5)

iconv_1250(5)

iconv_1251(5)

iconv(5)

iconv_646(5)

iconv_852(5)

iconv_8859-1(5)

iconv_8859-2(5)

iconv_8859-5(5)

iconv_dhn(5)

iconv_koi8-r(5)

iconv_mac_cyr(5)

iconv_maz(5)

iconv_pc_cyr(5)

iconv_unicode(5)

ieee802.11(5)

ieee802.3(5)

ipfilter(5)

ipkg(5)

isalist(5)

ISO(5)

kerberos(5)

krb5_auth_rules(5)

krb5envvar(5)

KSSL(5)

kssl(5)

labels(5)

largefile(5)

ldap(5)

lf64(5)

lfcompile(5)

lfcompile64(5)

link_duplex(5)

link_rx_pause(5)

link_tx_pause(5)

link_up(5)

locale(5)

locale_alias(5)

lp_cap_1000fdx(5)

lp_cap_1000hdx(5)

lp_cap_100fdx(5)

lp_cap_100hdx(5)

lp_cap_10fdx(5)

lp_cap_10hdx(5)

lp_cap_asym_pause(5)

lp_cap_autoneg(5)

lp_cap_pause(5)

lp_rem_fault(5)

man(5)

mansun(5)

me(5)

mech_spnego(5)

mm(5)

ms(5)

MT-Level(5)

mutex(5)

MWAC(5)

mwac(5)

nfssec(5)

NIS+(5)

NIS(5)

nis(5)

nwam(5)

openssl(5)

pam_allow(5)

pam_authtok_check(5)

pam_authtok_get(5)

pam_authtok_store(5)

pam_deny(5)

pam_dhkeys(5)

pam_dial_auth(5)

pam_krb5(5)

pam_krb5_migrate(5)

pam_ldap(5)

pam_list(5)

pam_passwd_auth(5)

pam_pkcs11(5)

pam_rhosts_auth(5)

pam_roles(5)

pam_sample(5)

pam_smbfs_login(5)

pam_smb_passwd(5)

pam_tsol_account(5)

pam_tty_tickets(5)

pam_unix_account(5)

pam_unix_auth(5)

pam_unix_cred(5)

pam_unix_session(5)

pam_user_policy(5)

pam_zfs_key(5)

pkcs11_kernel(5)

pkcs11_kms(5)

pkcs11_softtoken(5)

pkcs11_tpm(5)

pkg(5)

POSIX.1(5)

POSIX.2(5)

POSIX(5)

privileges(5)

prof(5)

pthreads(5)

RBAC(5)

rbac(5)

regex(5)

regexp(5)

resource_controls(5)

sgml(5)

smf(5)

smf_bootstrap(5)

smf_method(5)

smf_restarter(5)

smf_security(5)

smf_template(5)

solaris10(5)

solaris(5)

solbook(5)

stability(5)

standard(5)

standards(5)

step(5)

sticky(5)

suri(5)

SUS(5)

SUSv2(5)

SUSv3(5)

SVID3(5)

SVID(5)

tecla(5)

teclarc(5)

term(5)

threads(5)

trusted_extensions(5)

vgrindefs(5)

wbem(5)

xcvr_addr(5)

xcvr_id(5)

xcvr_inuse(5)

XNS4(5)

XNS(5)

XNS5(5)

XPG3(5)

XPG4(5)

XPG4v2(5)

XPG(5)

zones(5)

pam_smbfs_login

- PAM user credential authentication module for SMB/CIFS client login

Synopsis

pam_smb_cred.so.1

Description

The pam_smbfs_login module implements pam_sm_setcred(3PAM) to provide functions that act equivalently to the smbadm(1M) add-key command.

This optional functionality is meant to be used only in environments that do not run Active Directory or Kerberos, but which synchronize passwords between Solaris clients and their CIFS/SMB servers.

This module permits the login password to be stored as if the smbadm(1M) add-key command was used to store a password for PAM_USER in the user or system default domain.

To use this functionality, add the following line to the /etc/pam.d/login file:

auth optional    pam_smbfs_login.so.1

Authentication service modules must implement both pam_sm_authenticate(3PAM) and pam_sm_setcred(3PAM). In this module, pam_sm_authenticate(3PAM) always returns PAM_IGNORE.

The pam_sm_setcred(3PAM) function accepts the following flags:

PAM_REFRESH_CRED

Returns PAM_IGNORE.

PAM_SILENT

Suppresses messages.

PAM_ESTABLISH_CRED
PAM_REINITIALIZE_CRED

Stores the authentication token for PAM_USER in the same manner as the smbadm(1M) add-key command.

PAM_DELETE_CRED

Deletes the stored password for PAM_USER in the same manner as the smbadm(1M) remove-key command.

The following options can be passed to the pam_smbfs_login module:

debug

Produces syslog(3C) debugging information at the LOG_AUTH or LOG_DEBUG level.

nowarn

Suppresses warning messages.

Errors

Upon successful completion of pam_sm_setcred(3PAM), PAM_SUCCESS is returned. The following error codes are returned upon error:

PAM_USER_UNKNOWN

User is unknown.

PAM_AUTHTOK_ERR

Password is bad.

PAM_AUTH_ERR

Domain is bad.

PAM_SYSTEM_ERR

System error.

Attributes

See attributes(5) for descriptions of the following attribute:

ATTRIBUTE TYPE
ATTRIBUTE VALUE
Interface Stability
Committed
MT Level
MT-Safe with exceptions

See Also

smbadm(1M), syslog(3C), libpam(3LIB), pam(3PAM), pam_setcred(3PAM), pam_sm(3PAM), pam_sm_authenticate(3PAM), pam_sm_chauthtok(3PAM), pam_sm_setcred(3PAM), pam.conf(4), attributes(5), smbfs(7FS)

Notes

The interfaces in libpam(3LIB) are MT-Safe only if each thread within the multi-threaded application uses its own PAM handle.