Lines Matching full:authentication
77 operations: authentication, account management, session management, and
81 authentication and session management modules so that each application
82 doesn't have to know the best way to check user authentication or create a
92 performs a Kerberos initial authentication, storing the obtained
103 After doing the initial authentication, the Kerberos PAM module will
105 verify those tickets. Unless this step is performed, the authentication
112 authentication if the obtained tickets cannot be checked, set
195 Kerberos authentication. If the network is not available, some Kerberos
200 authentication module such as \fBpam_unix\fR first with a control field of
202 password authentication was successful.
267 <format> argument is used as the authentication Kerberos principal, with
277 authentication in programs like \fBsudo\fR. Most examples will look like:
283 which attempts authentication as the root instance of the username first
287 This option also allows a cheap way to attempt authentication in an
295 will attempt authentication in the EXAMPLE.COM realm first and then fall
309 [3.12] This option is used with \fIalt_auth_map\fR and forces authentication
312 normal authentication. This can be used to force authentication with an
330 [1.1] Do not do anything if the username is \f(CW\*(C`root\*(C'\fR. The authentication
343 both of those conditions are true, the authentication and password calls
359 mapped principal for authentication. It disables fallback to normal
360 authentication in all cases and overrides \fIsearch_k5login\fR and
362 the standard authentication behavior is used.
374 will be successfully authenticated; otherwise, authentication will fail.
375 This option is useful for allowing password authentication (via console or
379 authentication.
387 [4.6] Attempt to use Flexible Authentication Secure Tunneling (FAST) by
396 weaker user passwords. This option uses anonymous authentication to
397 obtain that key and then uses it to protect the subsequent authentication.
400 the authentication will proceed as normal.
414 anonymous authentication is done.
419 doesn't support PKINIT or doesn't support anonymous authentication.
431 does not exist or is not readable, FAST will not used and authentication
433 are expired, authentication will fail if the KDC supports FAST.
438 and that the local realm support anonymous authentication. If both
458 that use this PAM module for authentication may wish to point it to
554 responsible for either rejecting the authentication or calling
565 support prompting for password changes during authentication), and then
581 authentication failure identical to an incorrect password. Also see
588 [3.11] If this option is set and authentication fails with a Kerberos
606 to the initial authentication identity.
629 [3.0] When doing PKINIT authentication, use <anchors> as the client trust
638 [3.0] Before attempting PKINIT authentication, prompt the user to insert a
651 [3.0] When doing PKINIT authentication, use <userid> as the user ID. The
693 [3.0] Attempt PKINIT authentication before trying a regular password. You
696 authentication. This option is currently only supported if pam\-krb5 was
700 PKINIT fails and the module falls back to password authentication, the
703 Kerberos that requires some reworking of the PKINIT authentication method
710 [3.0, 4.9 for MIT Kerberos] Require PKINIT authentication. You will
712 PKINIT fails, authentication will fail. This option is only supported if
718 Kerberos libraries or KDC during authentication will not be displayed.
763 [4.0] Use the password obtained by a previous authentication or password
777 configured to use other authentication mechanisms than passwords and needs
796 password group, it applies only to the authentication process; the user
803 to use for authentication. This allows the user to authenticate with a
816 [1.0] If the authentication module isn't the first on the stack, and a
819 authentication fails, fall back on prompting the user for their password.
820 This option has no effect if the authentication module is first in the
837 [1.0] Use the password obtained by a previous authentication module to
839 module obtained the user's password for either an authentication or
841 did obtain the user's password but authentication with that password
869 [1.2] Store both the temporary ticket cache used during authentication and
887 [1.0] Do not create a ticket cache after authentication. This option
889 configuration for a particular service that uses PAM for authentication
924 authentication (unless the \fIno_ccache\fR option was given). \fBpam_setcred()\fR
951 module falls back to password authentication.
976 authentication module.
978 This module treats the empty password as an authentication failure