Man page or keyword search:   man All Sections 1 - General Commands 2 - System Calls 3 - Subroutines, Functions 4 - Special Files 5 - File Formats 6 - Games and Screensavers 7 - Macros and Conventions 8 - Maintenence Commands 9 - Kernel Interface New Commands Server 4.4BSD AIX Alpinelinux Archlinux Aros BSDOS BSDi Bifrost CentOS Cygwin Darwin Debian DigitalUNIX DragonFly ElementaryOS Fedora FreeBSD Gentoo GhostBSD HP-UX Haiku Hurd IRIX Inferno JazzOS Kali Knoppix LinuxMint MacOSX Mageia Mandriva Manjaro Minix MirBSD NeXTSTEP NetBSD OPENSTEP OSF1 OpenBSD OpenDarwin OpenIndiana OpenMandriva OpenServer OpenSuSE OpenVMS Oracle PC-BSD Peanut Pidora Plan9 QNX Raspbian RedHat Scientific Slackware SmartOS Solaris SuSE SunOS Syllable Tru64 UNIXv7 Ubuntu Ultrix UnixWare Xenix YellowDog aLinux   44335 pages apropos Keyword Search (all sections) Output format html ascii pdf view pdf save postscript

pam_pseudo(5)			Authentication			 pam_pseudo(5)

NAME
       pam_pseudo - PAM module for pseudo-user authentication

SYNOPSIS
       /usr/local/lib/security/pam_pseudo.so.1

DESCRIPTION
       pam_pseudo  is  a shared library which gets dynamically loaded into the
       PAM framework.  It provides authentication for pseudo-user accounts  to
       PAM-aware applications.

       The   pam_pseudo	  module   supports   a	  local	  text	 file	called
       /etc/pam_pseudo.map which maps local pseudo-user names  to  a  list  of
       real  users  allowed to access them.  The file consists of lines of the
       format:

	      pseudo_user : real_user [...]

       Text beginning with a '#' is ignored through the next  newline.	 Blank
       lines and incomplete lines are also ignored.

OPTIONS
       The pam_pseudo module accepts the optional argument unknown_user=dispo‐
       sition.	This option tells the module what to do when  it  cannot  read
       the  /etc/pam_pseudo.map file or when the pseudo_user name is not found
       in the file.

       There are three possible values for disposition:

       fail   The authentication will fail if the pseudo-user is not found  in
	      the /etc/pam_pseudo.map file.

       succeed
	      The  authentication will succeed if the pseudo-user is not found
	      in the /etc/pam_pseudo.map file.

       ignore The authentication attempt will be ignored if the pseudo-user is
	      not found in the /etc/pam_pseudo.map file.

       If  this	 option	 is  not  specified,  the  default behavior is for the
       authentication request to be denied.

EXAMPLE
       A common practice for services with multiple administrators is to  have
       a  pseudo-user  account	under which the service is installed and runs.
       Each service administrator has their own	 login,	 but  can  su  to  the
       pseudo-user account using their own password.

       To set this up, here's what you'd put in /etc/pam.conf:

	      su   auth	  sufficient   /usr/local/lib/security/pam_pseudo.so.1
	      unknown_user=ignore
	      su auth required /usr/lib/security/pam_unix.so.1

       Then, put the pseudo-user accounts in the /etc/pam_pseudo.map file:

	      # John Smith and Jane Doe allowed to become news
	      news    : smith jdoe

BUGS
       The pam_pseudo module only implements the functions for the "auth" mod‐
       ule  type  (pam_sm_authenticate(3)  and pam_sm_setcred(3)).  The module
       does not implement functions for the "account", "session",  and	"pass‐
       word" module types.

FILES
       /etc/pam_pseudo.map
       /etc/pam.conf

SEE ALSO
       pam(3), pam.conf(4)

AUTHOR
       Mark D. Roth <roth@feep.net>

University of Illinois		   Aug 2001			 pam_pseudo(5)

Vote for polarhome