pam_srm(5SRM)
NAME | SYNOPSIS | DESCRIPTION | ATTRIBUTES | SEE ALSO | WARNINGS | NOTES
NAME
- pam_srm- account and session management
PAM module for Solaris Resource Manager
SYNOPSIS
/usr/lib/security/pam_srm.so.1
DESCRIPTION
- pam_sm_acct_mgmt()
-
Informs the user of any resource-limit-exceeded warnings, and returns PAM_PERM_DENIED if the number of such warnings is greater than warn limit. It is assumed the user has already been authenticated.
The following options may be passed to the Solaris Resource Manager account management module:
- debug
-
Cause extra syslog debugging information at LOG_DEBUG level.
- nowarn
-
Turn off warning messages.
- everylogin=scriptfile
-
As the last phase in account management, run the script file (as superuser, or for su, as the invoking user). If the script file exits non-zero, access will be denied.
- nolnode=scriptfile
-
If the account requested has no lnode, run the script file (as superuser, or for su, as the invoking user).
-
Both scripts are invoked without arguments and have only the following environment variables set:
- USER
-
The name of the user who will be logged in if access is permitted.
- UID
-
The UID of the user who will be logged in, or for su, the UID of the user invoking su.
- DEBUG
-
Either true or false, depending on the value of the debug option.
- SERVICE
-
The name of the service that invoked pam.
- pam_sm_open_session()
-
Attaches to the lnode as a login session. If there is already a login session for the user, and the user's onelogin flag evaluates to set, pam_sm_open_session() returns PAM_SESSION_ERR. The debug and nowarn options are accepted by pam_open_session() with meanings as above.
- pam_sm_close_session()
-
Informs Solaris Resource Manager that the login session has completed.
- flag.nologin=set
-
No login permitted
- flag.onelogin=set
-
One login permitted
The Solaris Resource Manager service module for PAM, /usr/lib/security/pam_srm.so.1, provides functionality for account management and session management.
/usr/lib/security/pam_srm.so.1 is designed to be stacked on top of any other PAM service modules, for all login gateways. It is usually configured as requisite.
Entry Points
This service module provides the following entry points:
Login Control
Currently, Solaris Resource Manager can control the number of concurrent logins of a user and/or a scheduling group by setting the following flags of the limit lnode using the limadm(1MSRM) command:
It is also possible to set no restrictions, and permit an unlimited number of logins.
ATTRIBUTES
See attributes(5) for descriptions of the following attributes:
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
| Architecture | SPARC |
| Availability | SUNWsrmb, SUNWsrmr |
SEE ALSO
pam(3PAM), pam_authenticate(3PAM), pam_setcred(3PAM), syslog(3C), libpam(4), pam.conf(4), limadm(1MSRM), srm(5SRM)
Solaris Resource Manager 1.3 System Administration Guide
WARNINGS
If the pam_conv() function provided by the login gateway does not support PAM_TEXT_INFO and PAM_ERROR_MSG message styles, warnings and informational messages provided by pam_share will not be visible to the user.
NOTES
This man page is applicable to SunOS 5.6, SunOS 5.7, and SunOS 5.8.
NAME | SYNOPSIS | DESCRIPTION | ATTRIBUTES | SEE ALSO | WARNINGS | NOTES
- © 2010, Oracle Corporation and/or its affiliates