Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help
pam_pseudo(5)			Authentication			 pam_pseudo(5)

NAME
       pam_pseudo - PAM	module for pseudo-user authentication

SYNOPSIS
       /usr/local/lib/security/pam_pseudo.so.1

DESCRIPTION
       pam_pseudo  is  a shared	library	which gets dynamically loaded into the
       PAM framework.  It provides authentication for pseudo-user accounts  to
       PAM-aware applications.

       The   pam_pseudo	  module   supports   a	  local	  text	 file	called
       /etc/pam_pseudo.map which maps local pseudo-user	names  to  a  list  of
       real  users  allowed to access them.  The file consists of lines	of the
       format:

	      pseudo_user : real_user [...]

       Text beginning with a '#' is ignored through the	next  newline.	 Blank
       lines and incomplete lines are also ignored.

OPTIONS
       The pam_pseudo module accepts the optional argument unknown_user=dispo-
       sition.	This option tells the module what to do	when  it  cannot  read
       the  /etc/pam_pseudo.map	file or	when the pseudo_user name is not found
       in the file.

       There are three possible	values for disposition:

       fail   The authentication will fail if the pseudo-user is not found  in
	      the /etc/pam_pseudo.map file.

       succeed
	      The  authentication will succeed if the pseudo-user is not found
	      in the /etc/pam_pseudo.map file.

       ignore The authentication attempt will be ignored if the	pseudo-user is
	      not found	in the /etc/pam_pseudo.map file.

       If  this	 option	 is not	specified, the default behavior	is for the au-
       thentication request to be denied.

EXAMPLE
       A common	practice for services with multiple administrators is to  have
       a  pseudo-user  account	under which the	service	is installed and runs.
       Each service administrator has their own	 login,	 but  can  su  to  the
       pseudo-user account using their own password.

       To set this up, here's what you'd put in	/etc/pam.conf:

	      su  auth	sufficient /usr/local/lib/security/pam_pseudo.so.1 un-
	      known_user=ignore
	      su auth required /usr/lib/security/pam_unix.so.1

       Then, put the pseudo-user accounts in the /etc/pam_pseudo.map file:

	      #	John Smith and Jane Doe	allowed	to become news
	      news    :	smith jdoe

BUGS
       The pam_pseudo module only implements the functions for the "auth" mod-
       ule  type  (pam_sm_authenticate(3)  and pam_sm_setcred(3)).  The	module
       does not	implement functions for	the "account", "session",  and	"pass-
       word" module types.

FILES
       /etc/pam_pseudo.map
       /etc/pam.conf

SEE ALSO
       pam(3), pam.conf(4)

AUTHOR
       Mark D. Roth <roth@feep.net>

University of Illinois		   Aug 2001			 pam_pseudo(5)

NAME | SYNOPSIS | DESCRIPTION | OPTIONS | EXAMPLE | BUGS | FILES | SEE ALSO | AUTHOR

Want to link to this manual page? Use this URL:
<https://www.freebsd.org/cgi/man.cgi?query=pam_pseudo&sektion=5&manpath=FreeBSD+12.1-RELEASE+and+Ports>

home | help