11642eb1aSMark Murray.\" Copyright (c) 2001 Mark R V Murray 21642eb1aSMark Murray.\" All rights reserved. 3f03a4b81SDag-Erling Smørgrav.\" Copyright (c) 2002 Networks Associates Technology, Inc. 4a2d20838SDag-Erling Smørgrav.\" All rights reserved. 5a2d20838SDag-Erling Smørgrav.\" 6a2d20838SDag-Erling Smørgrav.\" Portions of this software were developed for the FreeBSD Project by 7a2d20838SDag-Erling Smørgrav.\" ThinkSec AS and NAI Labs, the Security Research Division of Network 8a2d20838SDag-Erling Smørgrav.\" Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 9a2d20838SDag-Erling Smørgrav.\" ("CBOSS"), as part of the DARPA CHATS research program. 101642eb1aSMark Murray.\" 111642eb1aSMark Murray.\" Redistribution and use in source and binary forms, with or without 121642eb1aSMark Murray.\" modification, are permitted provided that the following conditions 131642eb1aSMark Murray.\" are met: 141642eb1aSMark Murray.\" 1. Redistributions of source code must retain the above copyright 151642eb1aSMark Murray.\" notice, this list of conditions and the following disclaimer. 161642eb1aSMark Murray.\" 2. Redistributions in binary form must reproduce the above copyright 171642eb1aSMark Murray.\" notice, this list of conditions and the following disclaimer in the 181642eb1aSMark Murray.\" documentation and/or other materials provided with the distribution. 19a2d20838SDag-Erling Smørgrav.\" 3. The name of the author may not be used to endorse or promote 20a2d20838SDag-Erling Smørgrav.\" products derived from this software without specific prior written 21a2d20838SDag-Erling Smørgrav.\" permission. 221642eb1aSMark Murray.\" 231642eb1aSMark Murray.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 241642eb1aSMark Murray.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 251642eb1aSMark Murray.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 261642eb1aSMark Murray.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 271642eb1aSMark Murray.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 281642eb1aSMark Murray.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 291642eb1aSMark Murray.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 301642eb1aSMark Murray.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 311642eb1aSMark Murray.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 321642eb1aSMark Murray.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 331642eb1aSMark Murray.\" SUCH DAMAGE. 341642eb1aSMark Murray.\" 351642eb1aSMark Murray.Dd July 8, 2001 361642eb1aSMark Murray.Dt PAM_SECURETTY 8 371642eb1aSMark Murray.Os 381642eb1aSMark Murray.Sh NAME 391642eb1aSMark Murray.Nm pam_securetty 401642eb1aSMark Murray.Nd SecureTTY PAM module 411642eb1aSMark Murray.Sh SYNOPSIS 421642eb1aSMark Murray.Op Ar service-name 431642eb1aSMark Murray.Ar module-type 441642eb1aSMark Murray.Ar control-flag 451642eb1aSMark Murray.Pa pam_securetty 461642eb1aSMark Murray.Op Ar options 471642eb1aSMark Murray.Sh DESCRIPTION 48a2d20838SDag-Erling SmørgravThe SecureTTY service module for PAM, 491642eb1aSMark Murray.Nm 501642eb1aSMark Murrayprovides functionality for only one PAM category: 51a2d20838SDag-Erling Smørgravaccount management. 521642eb1aSMark MurrayIn terms of the 531642eb1aSMark Murray.Ar module-type 541642eb1aSMark Murrayparameter, this is the 55a2d20838SDag-Erling Smørgrav.Dq Li account 561642eb1aSMark Murrayfeature. 57a2d20838SDag-Erling SmørgravIt also provides null functions for authentication and session 58a2d20838SDag-Erling Smørgravmanagement. 59a2d20838SDag-Erling Smørgrav.Ss SecureTTY Account Management Module 60a2d20838SDag-Erling SmørgravThe SecureTTY account management component 61a2d20838SDag-Erling Smørgrav.Pq Fn pam_sm_acct_mgmt , 62a2d20838SDag-Erling Smørgravreturns failure if the user is attempting to authenticate as superuser, 63a2d20838SDag-Erling Smørgravand the process is attached to an insecure TTY. 64a2d20838SDag-Erling SmørgravIn all other cases, the module returns success. 651642eb1aSMark Murray.Pp 66a2d20838SDag-Erling SmørgravA TTY is considered secure if it is listed in 671642eb1aSMark Murray.Pa /etc/ttys 68a2d20838SDag-Erling Smørgravand has the 691642eb1aSMark Murray.Dv TTY_SECURE 701642eb1aSMark Murrayflag set. 711642eb1aSMark Murray.Pp 721642eb1aSMark MurrayThe following options may be passed to the authentication module: 73ca0bdcddSMark Murray.Bl -tag -width ".Cm no_warn" 741642eb1aSMark Murray.It Cm debug 751642eb1aSMark Murray.Xr syslog 3 761642eb1aSMark Murraydebugging information at 771642eb1aSMark Murray.Dv LOG_DEBUG 781642eb1aSMark Murraylevel. 79ca0bdcddSMark Murray.It Cm no_warn 80ca0bdcddSMark Murraysuppress warning messages to the user. 81ca0bdcddSMark MurrayThese messages include 82ca0bdcddSMark Murrayreasons why the user's 83ca0bdcddSMark Murrayauthentication attempt was declined. 841642eb1aSMark Murray.El 851642eb1aSMark Murray.Sh SEE ALSO 8608ecaa10SRuslan Ermilov.Xr getttynam 3 , 87*6e1fc011SGraham Percival.Xr pam 3 , 881642eb1aSMark Murray.Xr syslog 3 , 891642eb1aSMark Murray.Xr pam.conf 5 , 90*6e1fc011SGraham Percival.Xr ttys 5 91