PAM_PEFS(8)                 System Manager's Manual                PAM_PEFS(8)

NAME
       pam_pefs -- pefs PAM module

SYNOPSIS
       [service-name] module-type control-flag pam_pefs [options]

DESCRIPTION
       The pefs authentication service module for PAM, pam_pefs, provides
       functionality for two PAM categories: authentication and session
       management.  In terms of the module-type parameter, they are the
       "auth" and "session" features.

       The module expects a pefs file system to be mounted on the user's
       home directory and fails otherwise.

   Pefs Authentication Module
       The pefs authentication component provides a function to verify the
       identity of a user (pam_sm_authenticate()) by prompting the user for a
       passphrase and verifying that it exists in the pefs key chain
       database.

       The following options may be passed to the authentication module:

       use_first_pass  If the authentication module is not the first in the
                       stack, and a previous module obtained the user's
                       password, that password is used to authenticate the
                       user.  If this fails, the authentication module
                       returns failure without prompting the user for a
                       password.  This option has no effect if the
                       authentication module is the first in the stack, or
                       if no previous modules obtained the user's password.

       try_first_pass  This option is similar to the use_first_pass option,
                       except that if the previously obtained password fails,
                       the user is prompted for another password.

       ignore_missing  Accept any passphrase provided by the user.  This
                       option is not used to authenticate the user, but to
                       preserve keys that should be added to the pefs file
                       system by the session management module.  The option
                       is incompatible with the try_first_pass option and
                       should be used with the use_first_pass option.

       delkeys         Remove keys at the end of the last session.  The
                       module tracks the number of concurrent sessions and
                       removes all keys from the file system when the
                       session count reaches zero.
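
       The option rules above can be checked mechanically.  The following
       linter is an added example, not part of the pefs distribution; it
       assumes one service's policy in /etc/pam.d form (no service-name
       column), uses constructed sample policies, and its "sufficient"
       check is an inference from the ignore_missing description rather
       than a rule this page states.

```python
"""Lint one service's PAM policy for the pam_pefs option rules in pam_pefs(8)."""

def rules(policy):
    """Yield (lineno, module_type, control_flag, module, options) per rule."""
    for n, raw in enumerate(policy.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) >= 3:
            yield n, fields[0], fields[1], fields[2], set(fields[3:])

def lint(policy):
    """Return (lineno, message) findings for pam_pefs "auth" entries."""
    findings, auth_seen = [], 0
    for n, mtype, flag, module, opts in rules(policy):
        if mtype != "auth":
            continue
        auth_seen += 1
        if "pam_pefs" not in module:
            continue
        if auth_seen == 1 and opts & {"use_first_pass", "try_first_pass"}:
            findings.append((n, "first in stack: *_first_pass has no effect"))
        if "ignore_missing" in opts:
            if "try_first_pass" in opts:
                findings.append((n, "ignore_missing is incompatible with try_first_pass"))
            if "use_first_pass" not in opts:
                findings.append((n, "ignore_missing should be used with use_first_pass"))
            # Inference, not stated on the page: a module that accepts any
            # passphrase should not be able to end the stack with success.
            if flag == "sufficient":
                findings.append((n, "ignore_missing on a 'sufficient' rule"))
    return findings

# Constructed sample policies (not taken from the page or the pefs port).
BAD = """\
auth  sufficient  pam_pefs.so  try_first_pass ignore_missing
auth  required    pam_unix.so  no_warn try_first_pass
"""
GOOD = """\
auth  required  pam_unix.so  no_warn try_first_pass
auth  optional  pam_pefs.so  use_first_pass ignore_missing delkeys
"""

if __name__ == "__main__":
    for name, policy in (("BAD", BAD), ("GOOD", GOOD)):
        print(name, lint(policy) or "no findings")
```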

   Pefs Session Management Module
       The pefs session management component provides functions to initiate
       (pam_sm_open_session()) and terminate (pam_sm_close_session())
       sessions.  The pam_sm_open_session() function adds the key or key
       chain decrypted during the authentication phase to the pefs file
       system mounted on the user's home directory.

FILES
       $HOME/.pefs.conf  pefs configuration file
       $HOME/.pefs.db    pefs key chain database file

SEE ALSO
       pam.conf(5), pam(8), pefs(8)

AUTHORS
       The pam_pefs module was written by Gleb Kurtsou <gleb@FreeBSD.org>.

BUGS
       The pam_sm_close_session() function doesn't delete keys added by
       pam_sm_open_session().

FreeBSD Ports 14.quarterly     December 1, 2009                    PAM_PEFS(8)
