FreeBSD 7.0 manual page repository

FreeBSD is a free computer operating system based on BSD UNIX originally. Many IT companies, like DeployIS is using it to provide an up-to-date, stable operating system.

pam_ksu - Kerberos 5 SU PAM module



      pam_ksu - Kerberos 5 SU PAM module


      [service-name] module-type control-flag pam_ksu [options]


      The Kerberos 5 SU authentication service module for PAM, pam_ksu for only
      one PAM category: authentication.  In terms of the module-type parameter,
      this is the “auth” feature.  The module is specifically designed to be
      used with the su(1) utility.
    Kerberos 5 SU Authentication Module
      The Kerberos 5 SU authentication component provides functions to verify
      the identity of a user (pam_sm_authenticate()), and determine whether or
      not the user is authorized to obtain the privileges of the target
      account.  If the target account is “root”, then the Kerberos 5 principal
      used for authentication and authorization will be the “root” instance of
      the current user, e.g. “user/root@REAL.M”.  Otherwise, the principal will
      simply be the current user’s default principal, e.g. “user@REAL.M”.
      The user is prompted for a password if necessary.  Authorization is per‐
      formed by comparing the Kerberos 5 principal with those listed in the
      .k5login file in the target account’s home directory (e.g. /root/.k5login
      for root).
      The following options may be passed to the authentication module:
      debug           syslog(3) debugging information at LOG_DEBUG level.
      use_first_pass  If the authentication module is not the first in the
                      stack, and a previous module obtained the user’s pass‐
                      word, that password is used to authenticate the user.  If
                      this fails, the authentication module returns failure
                      without prompting the user for a password.  This option
                      has no effect if the authentication module is the first
                      in the stack, or if no previous modules obtained the
                      user’s password.
      try_first_pass  This option is similar to the use_first_pass option,
                      except that if the previously obtained password fails,
                      the user is prompted for another password.
      su(1), syslog(3), pam.conf(5), pam(8)


Based on BSD UNIX
FreeBSD is an advanced operating system for x86 compatible (including Pentium and Athlon), amd64 compatible (including Opteron, Athlon64, and EM64T), UltraSPARC, IA-64, PC-98 and ARM architectures. It is derived from BSD, the version of UNIX developed at the University of California, Berkeley. It is developed and maintained by a large team of individuals. Additional platforms are in various stages of development.