summaryrefslogtreecommitdiff
path: root/doc/man/pam_item_types_std.inc.xml
diff options
context:
space:
mode:
Diffstat (limited to 'doc/man/pam_item_types_std.inc.xml')
-rw-r--r--doc/man/pam_item_types_std.inc.xml138
1 files changed, 138 insertions, 0 deletions
diff --git a/doc/man/pam_item_types_std.inc.xml b/doc/man/pam_item_types_std.inc.xml
new file mode 100644
index 00000000..81f240b0
--- /dev/null
+++ b/doc/man/pam_item_types_std.inc.xml
@@ -0,0 +1,138 @@
+<!-- this file is included by pam_set_item and pam_get_item -->
+
+ <variablelist>
+ <varlistentry>
+ <term>PAM_SERVICE</term>
+ <listitem>
+ <para>
+ The service name (which identifies that PAM stack that
+ the PAM functions will use to authenticate the program).
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>PAM_USER</term>
+ <listitem>
+ <para>
+ The username of the entity under whose identity service
+ will be given. That is, following authentication,
+ <emphasis>PAM_USER</emphasis> identifies the local entity
+ that gets to use the service. Note, this value can be mapped
+ from something (eg., "anonymous") to something else (eg.
+ "guest119") by any module in the PAM stack. As such an
+ application should consult the value of
+ <emphasis>PAM_USER</emphasis> after each call to a PAM function.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>PAM_USER_PROMPT</term>
+ <listitem>
+ <para>
+ The string used when prompting for a user's name. The default
+ value for this string is a localized version of "login: ".
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>PAM_TTY</term>
+ <listitem>
+ <para>
+ The terminal name: prefixed by <filename>/dev/</filename> if
+ it is a device file; for graphical, X-based, applications the
+ value for this item should be the
+ <emphasis>$DISPLAY</emphasis> variable.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>PAM_RUSER</term>
+ <listitem>
+ <para>
+ The requesting user name: local name for a locally
+ requesting user or a remote user name for a remote
+ requesting user.
+ </para>
+ <para>
+ Generally an application or module will attempt to supply
+ the value that is most strongly authenticated (a local account
+ before a remote one. The level of trust in this value is
+ embodied in the actual authentication stack associated with
+ the application, so it is ultimately at the discretion of the
+ system administrator.
+ </para>
+ <para>
+ <emphasis>PAM_RUSER@PAM_RHOST</emphasis> should always identify
+ the requesting user. In some cases,
+ <emphasis>PAM_RUSER</emphasis> may be NULL. In such situations,
+ it is unclear who the requesting entity is.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>PAM_RHOST</term>
+ <listitem>
+ <para>
+ The requesting hostname (the hostname of the machine from
+ which the <emphasis>PAM_RUSER</emphasis> entity is requesting
+ service). That is <emphasis>PAM_RUSER@PAM_RHOST</emphasis>
+ does identify the requesting user. In some applications,
+ <emphasis>PAM_RHOST</emphasis> may be NULL. In such situations,
+ it is unclear where the authentication request is originating
+ from.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>PAM_AUTHTOK</term>
+ <listitem>
+ <para>
+ The authentication token (often a password). This token
+ should be ignored by all module functions besides
+ <citerefentry>
+ <refentrytitle>pam_sm_authenticate</refentrytitle><manvolnum>3</manvolnum>
+ </citerefentry> and
+ <citerefentry>
+ <refentrytitle>pam_sm_chauthtok</refentrytitle><manvolnum>3</manvolnum>
+ </citerefentry>.
+ In the former function it is used to pass the most recent
+ authentication token from one stacked module to another. In
+ the latter function the token is used for another purpose.
+ It contains the currently active authentication token.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>PAM_OLDAUTHTOK</term>
+ <listitem>
+ <para>
+ The old authentication token. This token should be ignored
+ by all module functions except
+ <citerefentry>
+ <refentrytitle>pam_sm_chauthtok</refentrytitle><manvolnum>3</manvolnum>
+ </citerefentry>.
+ </para>
+ </listitem>
+ </varlistentry>
+
+
+ <varlistentry>
+ <term>PAM_CONV</term>
+ <listitem>
+ <para>
+ The pam_conv structure. See
+ <citerefentry>
+ <refentrytitle>pam_conv</refentrytitle><manvolnum>3</manvolnum>
+ </citerefentry>.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ </variablelist>