Man Pages Section 5: Standards, Environments, and Macros     Oracle Solaris 11.1 Information Library (Japanese)

pam_tty_tickets - PAM authentication module

Synopsis

pam_tty_tickets.so.1 [timeout=minutes] [sudo-compat] [debug]

Description

The pam_tty_tickets module provides a mechanism for checking a ticket that was created by a prior successful authentication. By default, tickets are valid for 5 minutes.

The default ticket location includes both the source (PAM_AUSER) and destination (PAM_USER) as well as the tty (PAM_TTY) for which it is valid.

The module can be configured with the sudo-compat option to store the tickets in the same location as sudo, though sudo itself is not required to use this feature.

The pam_sm_setcred() function creates a ticket for the user in the tickets directory.

The pam_sm_authenticate() function checks that the timestamp on the ticket is no older than the timeout value. If it is not older, the function returns PAM_SUCCESS. If it is older, the ticket is removed and the module returns PAM_IGNORE.

This module is intended to be placed in the auth stack with the sufficient control flag.

This module produces no messages through the PAM conversation function. Some messages are sent to syslog for error conditions, as well as messages at LOG_INFO for ticket validity checking.

The following options can be passed to the module:

debug

Debugging information is sent to syslog LOG_AUTH|LOG_DEBUG.

sudo-compat

Stores the per-user (per-tty) tickets in the same location that sudo uses. When this option is set, PAM_USER must be root; otherwise the module returns PAM_IGNORE and tickets are not read or created.

timeout

Validity time in minutes for a ticket. The default is 5 minutes.

Examples

Example 1 Using the Default Settings

The following is an excerpt of a sample pam.conf configuration file that has per-tty tickets with the default timeout (5 minutes) for users authenticating with su(1M):

su auth required    pam_unix_cred.so.1
su auth sufficient  pam_tty_tickets.so.1
su auth requisite   pam_authtok_get.so.1
su auth required    pam_dhkeys.so.1
su auth required    pam_unix_auth.so.1

Example 2 Changing the Default Settings

The following example changes the defaults so that tickets are valid for 10 minutes and uses the sudo location:

su auth required    pam_unix_cred.so.1
su auth sufficient  pam_tty_tickets.so.1 sudo-compat timeout=10
su auth requisite   pam_authtok_get.so.1
su auth required    pam_dhkeys.so.1
su auth required    pam_unix_auth.so.1

Errors

PAM_SUCCESS

Ticket is valid

PAM_IGNORE

All other cases

Files

/system/volatile/tty_tickets/<PAM_AUSER>/<PAM_USER>/<PAM_TTY>

Default ticket location.

/system/volatile/sudo/<PAM_AUSER>/<PAM_TTY>

Ticket location when sudo-compat is set. This file has the same format as those created by sudo.
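
The ticket lookup and expiry rules from the Description, Options and Files sections, modelled as an added C example (not the module's source and not Oracle code). The function names, the root parameter standing in for /system/volatile, the name validation, the regular-file check, and the use of the file's modification time as the ticket timestamp are all assumptions of this model.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <time.h>
#include <unistd.h>
#include <utime.h>
enum { TICKET_SUCCESS, TICKET_IGNORE };  /* stand-ins for PAM_SUCCESS / PAM_IGNORE */

/* Assumed check: a name must be a single path component inside the ticket tree. */
static int safe_name(const char *s)
{
    return s && *s && !strchr(s, '/') && strcmp(s, ".") && strcmp(s, "..");
}

/* Build the path from the layouts under Files; root stands in for /system/volatile. */
int ticket_path(char *buf, size_t len, const char *root, const char *auser,
                const char *user, const char *tty, int sudo_compat)
{
    int n;
    if (!safe_name(auser) || !safe_name(user) || !safe_name(tty) ||
        (sudo_compat && strcmp(user, "root") != 0))  /* sudo-compat: PAM_USER must be root */
        return -1;
    n = sudo_compat ? snprintf(buf, len, "%s/sudo/%s/%s", root, auser, tty)
                    : snprintf(buf, len, "%s/tty_tickets/%s/%s/%s", root, auser, user, tty);
    return (n < 0 || (size_t)n >= len) ? -1 : 0;
}

/* Model of ticket creation; age_sec backdates the file so expiry can be exercised. */
int create_ticket(const char *path, long age_sec)
{
    struct utimbuf t;
    FILE *f = fopen(path, "w");
    if (!f || fclose(f) != 0) return -1;
    t.actime = t.modtime = time(NULL) - age_sec;
    return utime(path, &t);
}

/* Fresh -> success; stale -> removed and ignored; anything else -> ignored (mtime assumed). */
int check_ticket(const char *path, int timeout_min)
{
    struct stat st;
    if (lstat(path, &st) != 0 || !S_ISREG(st.st_mode))
        return TICKET_IGNORE;
    if (difftime(time(NULL), st.st_mtime) <= timeout_min * 60.0)
        return TICKET_SUCCESS;
    unlink(path);
    return TICKET_IGNORE;
}
```

In the model, a ticket that would have expired under the default timeout is still accepted when the timeout is raised to 10, which is the practical effect of timeout=10 in Example 2.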

Attributes

See attributes(5) for descriptions of the following attributes:

ATTRIBUTE TYPE         ATTRIBUTE VALUE
Interface Stability    See below.

The syslog messages are Volatile. The module name, module options, and ticket locations are Committed.

See Also

su(1M), sudo(1M), pam(3PAM), pam_sm_authenticate(3PAM), pam_sm_setcred(3PAM), attributes(5)