.TH pam_authsrv 5 "Feb 2001" "University of Illinois" "Authentication" .SH NAME pam_authsrv \- PAM module for TIS authsrv authentication .SH SYNOPSIS .B /usr/local/lib/security/pam_authsrv.so.1 .SH DESCRIPTION .B pam_authsrv is a shared library which gets dynamically loaded into the PAM framework. It provides TIS authsrv authentication for PAM-aware applications. The .B pam_authsrv module supports a local text file called .I /etc/pam_tis.map which maps local login names to the user name in the .B authsrv database. The file consists of lines of the format: .IP local_login : authsrv_user .PP If the .I authsrv_user name is not present, the ":" is ignored and the .I local_login name will be used to identify the user to the authsrv daemon. Text beginning with a '#' is ignored through the next newline. Blank lines and incomplete lines are also ignored. .SH OPTIONS The .B pam_authsrv module accepts the optional argument .IR unknown_user=disposition . This option tells the module what to do when it cannot read the .I /etc/pam_tis.map file or when the .I local_login name is not found in the file. There are three possible values for .IR disposition : .TP .B fail The authentication will fail if the user is not found in the .I /etc/pam_tis.map file. .TP .B succeed The authentication will succeed if the user is not found in the .I /etc/pam_tis.map file. .TP .B ignore The authentication attempt will be ignored if the user is not found in the .I /etc/pam_tis.map file. .PP If this option is not specified, the default behavior is to query the .B authsrv using the specified local user name. .SH EXAMPLE A common practice for systems with multiple administrators is to have an "su" account for each admin which can be accessed via .B authsrv authentication. To set this up, here's what you'd put in .IR /etc/pam.conf : .IP su auth required /usr/local/lib/security/pam_authsrv.so.1 .PP Then, put the su accounts in the .I /etc/pam_tis.map file: .IP susmith : smith # John Smith .br sujrh : jrh # J. Random Hacker .SH BUGS The .B pam_authsrv module only implements the functions for the "auth" module type (\fBpam_sm_authenticate\fP(3) and \fBpam_sm_setcred\fP(3)). The module does not implement functions for the "account", "session", and "password" module types. .PP Due to architectual and implementation issues of PAM, it is strongly advised to turn off DNS resolution in networking PAM client applications, otherwise .B pam_authsrv won't be able to determine remote host IP address. .SH FILES .I /etc/pam_tis.map .br .I /usr/local/etc/netperm-table .br .I /etc/pam.conf .SH SEE ALSO .BR pam (3), .BR pam.conf (4), .BR authsrv (8) .SH AUTHOR Mark D. Roth