Lines Matching full:authentication
24 operations: authentication, account management, session management, and
28 authentication and session management modules so that each application
29 doesn't have to know the best way to check user authentication or create a
42 performs a Kerberos initial authentication, storing the obtained
53 After doing the initial authentication, the Kerberos PAM module will
55 verify those tickets. Unless this step is performed, the authentication
62 authentication if the obtained tickets cannot be checked, set
150 Kerberos authentication. If the network is not available, some Kerberos
155 authentication module such as B<pam_unix> first with a control field of
157 password authentication was successful.
224 <format> argument is used as the authentication Kerberos principal, with
234 authentication in programs like B<sudo>. Most examples will look like:
238 which attempts authentication as the root instance of the username first
242 This option also allows a cheap way to attempt authentication in an
248 will attempt authentication in the EXAMPLE.COM realm first and then fall
263 [3.12] This option is used with I<alt_auth_map> and forces authentication
266 normal authentication. This can be used to force authentication with an
286 [1.1] Do not do anything if the username is C<root>. The authentication
300 both of those conditions are true, the authentication and password calls
317 mapped principal for authentication. It disables fallback to normal
318 authentication in all cases and overrides I<search_k5login> and
320 the standard authentication behavior is used.
333 will be successfully authenticated; otherwise, authentication will fail.
334 This option is useful for allowing password authentication (via console or
338 authentication.
351 [4.6] Attempt to use Flexible Authentication Secure Tunneling (FAST) by
360 weaker user passwords. This option uses anonymous authentication to
361 obtain that key and then uses it to protect the subsequent authentication.
364 the authentication will proceed as normal.
378 anonymous authentication is done.
384 doesn't support PKINIT or doesn't support anonymous authentication.
396 does not exist or is not readable, FAST will not used and authentication
398 are expired, authentication will fail if the KDC supports FAST.
403 and that the local realm support anonymous authentication. If both
425 that use this PAM module for authentication may wish to point it to
532 responsible for either rejecting the authentication or calling
543 support prompting for password changes during authentication), and then
560 authentication failure identical to an incorrect password. Also see
568 [3.11] If this option is set and authentication fails with a Kerberos
587 to the initial authentication identity.
617 [3.0] When doing PKINIT authentication, use <anchors> as the client trust
627 [3.0] Before attempting PKINIT authentication, prompt the user to insert a
641 [3.0] When doing PKINIT authentication, use <userid> as the user ID. The
683 [3.0] Attempt PKINIT authentication before trying a regular password. You
686 authentication. This option is currently only supported if pam-krb5 was
690 PKINIT fails and the module falls back to password authentication, the
693 Kerberos that requires some reworking of the PKINIT authentication method
701 [3.0, 4.9 for MIT Kerberos] Require PKINIT authentication. You will
703 PKINIT fails, authentication will fail. This option is only supported if
709 Kerberos libraries or KDC during authentication will not be displayed.
759 [4.0] Use the password obtained by a previous authentication or password
774 configured to use other authentication mechanisms than passwords and needs
793 password group, it applies only to the authentication process; the user
801 to use for authentication. This allows the user to authenticate with a
815 [1.0] If the authentication module isn't the first on the stack, and a
818 authentication fails, fall back on prompting the user for their password.
819 This option has no effect if the authentication module is first in the
838 [1.0] Use the password obtained by a previous authentication module to
840 module obtained the user's password for either an authentication or
842 did obtain the user's password but authentication with that password
876 [1.2] Store both the temporary ticket cache used during authentication and
895 [1.0] Do not create a ticket cache after authentication. This option
897 configuration for a particular service that uses PAM for authentication
939 authentication (unless the I<no_ccache> option was given). pam_setcred()
976 module falls back to password authentication.
1002 authentication module.
1004 This module treats the empty password as an authentication failure