Layer: system

Module: authlogin


Description:

Common policy for authentication and user login.


Interfaces:

auth_append_faillog( domain )
Summary

Append to the login failure log.

Parameters
Parameter:Description:
domain

Domain allowed access.

auth_append_lastlog( domain )
Summary

Append only to the last logins log.

Parameters
Parameter:Description:
domain

Domain allowed access.

auth_append_login_records( domain )
Summary

Append to login records (wtmp).

Parameters
Parameter:Description:
domain

Domain allowed access.

auth_can_read_shadow_passwords( domain )
Summary

Pass shadow assertion for reading.

Description

Pass shadow assertion for reading. This should only be used with auth_tunable_read_shadow(), and only exists because typeattribute does not work in conditionals.

Parameters
Parameter:Description:
domain

Domain allowed access.

auth_delete_pam_console_data( domain )
Summary

Delete pam_console data.

Parameters
Parameter:Description:
domain

Domain allowed access.

auth_delete_pam_pid( domain )
Summary

Delete pam PID files.

Parameters
Parameter:Description:
domain

Domain allowed access.

auth_domtrans_chk_passwd( domain )
Summary

Run unix_chkpwd to check a password.

Parameters
Parameter:Description:
domain

Domain allowed access.

auth_domtrans_login_program( domain , target_domain )
Summary

Execute a login_program in the target domain.

Parameters
Parameter:Description:
domain

Domain allowed access.

target_domain

The type of the login_program process.

auth_domtrans_pam( domain )
Summary

Execute pam programs in the pam domain.

Parameters
Parameter:Description:
domain

Domain allowed access.

auth_domtrans_pam_console( domain )
Summary

Execute pam_console with a domain transition.

Parameters
Parameter:Description:
domain

Domain allowed access.

auth_domtrans_upd_passwd( domain )
Summary

Execute a domain transition to run unix_update.

Parameters
Parameter:Description:
domain

Domain allowed to transition.

auth_domtrans_utempter( domain )
Summary

Execute utempter programs in the utempter domain.

Parameters
Parameter:Description:
domain

Domain allowed access.

auth_dontaudit_exec_utempter( domain )
Summary

Do not audit attempts to execute the utempter executable.

Parameters
Parameter:Description:
domain

Domain to not audit.

auth_dontaudit_getattr_shadow( domain )
Summary

Do not audit attempts to get the attributes of the shadow passwords file.

Parameters
Parameter:Description:
domain

Domain to not audit.

auth_dontaudit_read_pam_pid( domain )
Summary

Do not audit attempts to read PAM PID files.

Parameters
Parameter:Description:
domain

Domain to not audit.

auth_dontaudit_read_shadow( domain )
Summary

Do not audit attempts to read the shadow password file (/etc/shadow).

Parameters
Parameter:Description:
domain

The type of the domain to not audit.

auth_dontaudit_write_login_records( domain )
Summary

Do not audit attempts to write to login records files.

Parameters
Parameter:Description:
domain

Domain to not audit.

auth_etc_filetrans_shadow( domain )
Summary

Automatic transition from etc to shadow.

Parameters
Parameter:Description:
domain

Domain allowed access.

auth_exec_pam( domain )
Summary

Execute the pam program.

Parameters
Parameter:Description:
domain

Domain allowed access.

auth_getattr_shadow( domain )
Summary

Get the attributes of the shadow passwords file.

Parameters
Parameter:Description:
domain

Domain allowed access.

auth_list_pam_console_data( domain )
Summary

List the contents of the pam_console data directory.

Parameters
Parameter:Description:
domain

Domain allowed access.

auth_log_filetrans_login_records( domain )
Summary

Create login records in the log directory using a type transition.

Parameters
Parameter:Description:
domain

Domain allowed access.

auth_login_entry_type( domain )
Summary

Use the login program as an entry point program.

Parameters
Parameter:Description:
domain

The type of process using the login program as entry point.

auth_login_pgm_domain( domain )
Summary

Make the specified domain usable for a login program.

Parameters
Parameter:Description:
domain

Domain type used for a login program domain.

auth_manage_all_files_except_shadow( domain , exception_types )
Summary

Manage all files on the filesystem, except the shadow passwords and listed exceptions.

Parameters
Parameter:Description:
domain

The type of the domain performing this action.

exception_types

The types to be excluded. Each type or attribute must be negated by the caller.

auth_manage_login_records( domain )
Summary

Create, read, write, and delete login records files.

Parameters
Parameter:Description:
domain

Domain allowed access.

auth_manage_pam_console_data( domain )
Summary

Create, read, write, and delete pam_console data files.

Parameters
Parameter:Description:
domain

Domain allowed access.

auth_manage_pam_pid( domain )
Summary

Manage pam PID files.

Parameters
Parameter:Description:
domain

Domain allowed access.

auth_manage_shadow( domain )
Summary

Create, read, write, and delete the shadow password file.

Parameters
Parameter:Description:
domain

Domain allowed access.

auth_manage_var_auth( domain )
Summary

Manage var auth files. Used by various other applications and pam applets etc.

Parameters
Parameter:Description:
domain

Domain allowed access.

auth_ranged_domtrans_login_program( domain , target_domain , range )
Summary

Execute a login_program in the target domain, with a range transition.

Parameters
Parameter:Description:
domain

Domain allowed access.

target_domain

The type of the login_program process.

range

Range of the login program.

auth_read_all_dirs_except_shadow( domain , exception_types )
Summary

Read all directories on the filesystem, except the shadow passwords and listed exceptions.

Parameters
Parameter:Description:
domain

The type of the domain performing this action.

exception_types

The types to be excluded. Each type or attribute must be negated by the caller.

auth_read_all_files_except_shadow( domain , exception_types )
Summary

Read all files on the filesystem, except the shadow passwords and listed exceptions.

Parameters
Parameter:Description:
domain

The type of the domain performing this action.

exception_types

The types to be excluded. Each type or attribute must be negated by the caller.

auth_read_all_symlinks_except_shadow( domain , exception_types )
Summary

Read all symbolic links on the filesystem, except the shadow passwords and listed exceptions.

Parameters
Parameter:Description:
domain

The type of the domain performing this action.

exception_types

The types to be excluded. Each type or attribute must be negated by the caller.

auth_read_lastlog( domain )
Summary

Read the last logins log.

Parameters
Parameter:Description:
domain

Domain allowed access.

auth_read_login_records( domain )
Summary

Read login records files (/var/log/wtmp).

Parameters
Parameter:Description:
domain

Domain allowed access.

auth_read_pam_console_data( domain )
Summary

Read pam_console data files.

Parameters
Parameter:Description:
domain

Domain allowed access.

auth_read_pam_pid( domain )
Summary

Read PAM PID files.

Parameters
Parameter:Description:
domain

Domain allowed access.

auth_read_shadow( domain )
Summary

Read the shadow passwords file (/etc/shadow).

Parameters
Parameter:Description:
domain

Domain allowed access.

auth_relabel_all_files_except_shadow( domain , exception_types )
Summary

Relabel all files on the filesystem, except the shadow passwords and listed exceptions.

Parameters
Parameter:Description:
domain

The type of the domain performing this action.

exception_types

The types to be excluded. Each type or attribute must be negated by the caller.

auth_relabel_shadow( domain )
Summary

Relabel from and to the shadow password file type.

Parameters
Parameter:Description:
domain

Domain allowed access.

auth_relabelto_shadow( domain )
Summary

Relabel to the shadow password file type.

Parameters
Parameter:Description:
domain

Domain allowed access.

auth_role( role , domain )
Summary

Role access for password authentication.

Parameters
Parameter:Description:
role

Role allowed access.

domain

Domain allowed access.

auth_run_chk_passwd( domain , role )
Summary

Execute chkpwd programs in the chkpwd domain.

Parameters
Parameter:Description:
domain

Domain allowed access.

role

The role to allow the chkpwd domain.

auth_run_pam( domain , role )
Summary

Execute pam programs in the PAM domain.

Parameters
Parameter:Description:
domain

Domain allowed access.

role

The role to allow the PAM domain.

auth_run_upd_passwd( domain , role )
Summary

Execute updpwd programs in the updpwd domain.

Parameters
Parameter:Description:
domain

Domain allowed access.

role

The role to allow the updpwd domain.

auth_run_utempter( domain , role )
Summary

Execute utempter programs in the utempter domain.

Parameters
Parameter:Description:
domain

Domain allowed access.

role

The role to allow the utempter domain.

auth_rw_faillog( domain )
Summary

Read and write the login failure log.

Parameters
Parameter:Description:
domain

Domain allowed access.

auth_rw_lastlog( domain )
Summary

Read and write to the last logins log.

Parameters
Parameter:Description:
domain

Domain allowed access.

auth_rw_login_records( domain )
Summary

Read and write login records.

Parameters
Parameter:Description:
domain

Domain allowed access.

auth_rw_shadow( domain )
Summary

Read and write the shadow password file (/etc/shadow).

Parameters
Parameter:Description:
domain

Domain allowed access.

auth_search_pam_console_data( domain )
Summary

Search the contents of the pam_console data directory.

Parameters
Parameter:Description:
domain

Domain allowed access.

auth_setattr_login_records( domain )
Summary

Set the attributes of login record files.

Parameters
Parameter:Description:
domain

Domain allowed access.

auth_signal_pam( domain )
Summary

Execute pam programs in the pam domain.

Parameters
Parameter:Description:
domain

Domain allowed access.

auth_tunable_read_shadow( domain )
Summary

Read the shadow password file.

Description

Read the shadow password file. This should only be used in a conditional; it does not pass the reading shadow assertion.

Parameters
Parameter:Description:
domain

Domain allowed access.
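
How auth_can_read_shadow_passwords() and auth_tunable_read_shadow() pair up in a policy module, as an added example that is not part of the reference policy itself. The module name myapp, the type myapp_t and the boolean myapp_read_shadow are hypothetical.

```selinux
policy_module(myapp, 1.0.0)

# Hypothetical domain and boolean, declared only for this example.
type myapp_t;
domain_type(myapp_t)

## <desc>
## <p>
## Allow myapp to read /etc/shadow.
## </p>
## </desc>
gen_tunable(myapp_read_shadow, false)

# Unconditional: pass the shadow read assertion for myapp_t.
# This has to sit outside the conditional, because typeattribute
# does not work in conditionals.
auth_can_read_shadow_passwords(myapp_t)

# Conditional: the read access itself, in effect only while the
# boolean is enabled. auth_tunable_read_shadow() does not pass the
# assertion, so it depends on the unconditional call above.
tunable_policy(`myapp_read_shadow',`
	auth_tunable_read_shadow(myapp_t)
')
```

When reviewing a module, a call to auth_can_read_shadow_passwords() with no matching conditional auth_tunable_read_shadow() marks a domain that passes the assertion without needing to.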

auth_unconfined( domain )
Summary

Unconfined access to the authlogin module.

Description

Unconfined access to the authlogin module.

Currently, this only allows assertions for the shadow passwords file (/etc/shadow) to be passed. No access is granted yet.

Parameters
Parameter:Description:
domain

Domain allowed access.

auth_use_nsswitch( domain )
Summary

Use nsswitch to look up uid-username mappings.

Parameters
Parameter:Description:
domain

Domain allowed access.

auth_write_login_records( domain )
Summary

Write to login records (wtmp).

Parameters
Parameter:Description:
domain

Domain allowed access.
