| |
| Standards, Environments, and Macros | pam_projects(5) |
| | pam_projects - account management PAM module for projects |
SYNOPSIS
| | /usr/lib/security/pam_projects.so.1 |
| |
The projects service module for PAM, /usr/lib/security/pam_projects.so.1, provides functionality for the account management PAM module. The pam_projects.so.1 module is a shared object that can be dynamically loaded to
provide the necessary functionality upon demand. Its path is specified in the PAM configuration file.
pam_projects.so.1 is designed to be stacked on top of the pam_unix_account.so.1 module for all services. This module is normally configured as "required", implying that any user lacking a default project will be denied login.
Projects Account Management Module
| |
The project account management component provides a function to perform account management, pam_sm_acct_mgmt(). This function uses the getdefaultproj() function (see getprojent(3PROJECT)) to retrieve the user's default project entry from the project(4) database. It then
sets the project ID attribute of the calling process, using the settaskid(2) system call.
If the user does not belong to any project defined in the project(4) database, or if the settaskid() system call failed to set the project ID attribute of the calling process, the module will display an error message and will return error code PAM_PERM_DENIED.
|
|
| |
See attributes(5) for description of the following attributes:
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
| MT-Level | MT-Safe with exceptions |
|
| |
settaskid(2), getprojent(3PROJECT), libpam(3LIB), pam(3PAM), pam_acct_mgmt(3PAM), pam.conf(4), project(4), attributes(5)
, pam_authtok_check(5), pam_authtok_get(5), pam_authtok_store(5), pam_dhkeys(5), pam_passwd_auth(5), pam_unix(5), pam_unix_account(5), pam_unix_auth(5), pam_unix_session(5)
|
| |
