Layer: system

Module: authlogin


Description:

Common policy for authentication and user login.

Interfaces:

auth_append_faillog( domain )
Summary

Append to the login failure log.

Parameters
Parameter:Description:Optional:
domain Domain allowed access. No
auth_append_lastlog( domain )
Summary

Append only to the last logins log.

Parameters
Parameter:Description:Optional:
domain Domain allowed access. No
auth_append_login_records( domain )
Summary

Append to login records (wtmp).

Parameters
Parameter:Description:Optional:
domain Domain allowed access. No
auth_can_read_shadow_passwords( ? )
Summary

Summary is missing!

Parameters
Parameter:Description:Optional:
? Parameter descriptions are missing! No
auth_delete_pam_console_data( domain )
Summary

Delete pam_console data.

Parameters
Parameter:Description:Optional:
domain Domain allowed access. No
auth_delete_pam_pid( domain )
Summary

Delete pam PID files.

Parameters
Parameter:Description:Optional:
domain The type of the process performing this action. No
auth_domtrans_chk_passwd( domain )
Summary

Run unix_chkpwd to check a password.

Parameters
Parameter:Description:Optional:
domain The type of the process performing this action. No
auth_domtrans_login_program( domain , target_domain )
Summary

Execute a login_program in the target domain.

Parameters
Parameter:Description:Optional:
domain The type of the process performing this action. No
target_domain The type of the login_program process. No
auth_domtrans_pam( domain )
Summary

Execute pam programs in the pam domain.

Parameters
Parameter:Description:Optional:
domain The type of the process performing this action. No
auth_domtrans_pam_console( ? )
Summary

Summary is missing!

Parameters
Parameter:Description:Optional:
? Parameter descriptions are missing! No
auth_domtrans_utempter( domain )
Summary

Execute utempter programs in the utempter domain.

Parameters
Parameter:Description:Optional:
domain The type of the process performing this action. No
auth_dontaudit_exec_utempter( domain )
Summary

Do not audit attempts to execute the utempter executable.

Parameters
Parameter:Description:Optional:
domain Domain to not audit. No
auth_dontaudit_getattr_shadow( domain )
Summary

Do not audit attempts to get the attributes of the shadow passwords file.

Parameters
Parameter:Description:Optional:
domain Domain to not audit. No
auth_dontaudit_read_pam_pid( domain )
Summary

Do not audit attempts to read PAM PID files.

Parameters
Parameter:Description:Optional:
domain Domain to not audit. No
auth_dontaudit_read_shadow( domain )
Summary

Do not audit attempts to read the shadow password file (/etc/shadow).

Parameters
Parameter:Description:Optional:
domain The type of the domain to not audit. No
auth_dontaudit_write_login_records( ? )
Summary

Summary is missing!

Parameters
Parameter:Description:Optional:
? Parameter descriptions are missing! No
auth_exec_pam( domain )
Summary

Execute the pam program.

Parameters
Parameter:Description:Optional:
domain The type of the process performing this action. No
auth_filetrans_login_records( ? )
Summary

Summary is missing!

Parameters
Parameter:Description:Optional:
? Parameter descriptions are missing! No
auth_getattr_shadow( domain )
Summary

Get the attributes of the shadow passwords file.

Parameters
Parameter:Description:Optional:
domain The type of the process performing this action. No
auth_list_pam_console_data( ? )
Summary

Summary is missing!

Parameters
Parameter:Description:Optional:
? Parameter descriptions are missing! No
auth_login_entry_type( domain )
Summary

Use the login program as an entry point program.

Parameters
Parameter:Description:Optional:
domain The type of process using the login program as entry point. No
auth_manage_all_files_except_shadow( domain , [ exception_types ] )
Summary

Manage all files on the filesystem, except the shadow passwords and listed exceptions.

Parameters
Parameter:Description:Optional:
domain The type of the domain performing this action. No
exception_types The types to be excluded. Each type or attribute must be negated by the caller. Yes
auth_manage_login_records( ? )
Summary

Summary is missing!

Parameters
Parameter:Description:Optional:
? Parameter descriptions are missing! No
auth_manage_pam_console_data( ? )
Summary

Summary is missing!

Parameters
Parameter:Description:Optional:
? Parameter descriptions are missing! No
auth_manage_shadow( ? )
Summary

Summary is missing!

Parameters
Parameter:Description:Optional:
? Parameter descriptions are missing! No
auth_read_all_dirs_except_shadow( domain , [ exception_types ] )
Summary

Read all directories on the filesystem, except the shadow passwords and listed exceptions.

Parameters
Parameter:Description:Optional:
domain The type of the domain performing this action. No
exception_types The types to be excluded. Each type or attribute must be negated by the caller. Yes
auth_read_all_files_except_shadow( domain , [ exception_types ] )
Summary

Read all files on the filesystem, except the shadow passwords and listed exceptions.

Parameters
Parameter:Description:Optional:
domain The type of the domain performing this action. No
exception_types The types to be excluded. Each type or attribute must be negated by the caller. Yes
auth_read_all_symlinks_except_shadow( domain , [ exception_types ] )
Summary

Read all symbolic links on the filesystem, except the shadow passwords and listed exceptions.

Parameters
Parameter:Description:Optional:
domain The type of the domain performing this action. No
exception_types The types to be excluded. Each type or attribute must be negated by the caller. Yes
auth_read_lastlog( domain )
Summary

Read the last logins log.

Parameters
Parameter:Description:Optional:
domain Domain allowed access. No
auth_read_login_records( ? )
Summary

Summary is missing!

Parameters
Parameter:Description:Optional:
? Parameter descriptions are missing! No
auth_read_pam_console_data( ? )
Summary

Summary is missing!

Parameters
Parameter:Description:Optional:
? Parameter descriptions are missing! No
auth_read_pam_pid( ? )
Summary

Summary is missing!

Parameters
Parameter:Description:Optional:
? Parameter descriptions are missing! No
auth_read_shadow( domain )
Summary

Read the shadow passwords file (/etc/shadow).

Parameters
Parameter:Description:Optional:
domain The type of the process performing this action. No
auth_relabel_all_files_except_shadow( domain , [ exception_types ] )
Summary

Relabel all files on the filesystem, except the shadow passwords and listed exceptions.

Parameters
Parameter:Description:Optional:
domain The type of the domain performing this action. No
exception_types The types to be excluded. Each type or attribute must be negated by the caller. Yes
auth_relabel_shadow( domain )
Summary

Relabel from and to the shadow password file type.

Parameters
Parameter:Description:Optional:
domain Domain allowed access. No
auth_relabelto_shadow( domain )
Summary

Relabel to the shadow password file type.

Parameters
Parameter:Description:Optional:
domain Domain allowed access. No
auth_run_pam( domain , role , terminal )
Summary

Execute pam programs in the PAM domain.

Parameters
Parameter:Description:Optional:
domain The type of the process performing this action. No
role The role to allow the PAM domain. No
terminal The type of the terminal to allow the PAM domain to use. No
auth_run_utempter( domain , role , terminal )
Summary

Execute utempter programs in the utempter domain.

Parameters
Parameter:Description:Optional:
domain The type of the process performing this action. No
role The role to allow the utempter domain. No
terminal The type of the terminal to allow the utempter domain to use. No
auth_rw_faillog( ? )
Summary

Summary is missing!

Parameters
Parameter:Description:Optional:
? Parameter descriptions are missing! No
auth_rw_lastlog( domain )
Summary

Read and write to the last logins log.

Parameters
Parameter:Description:Optional:
domain Domain allowed access. No
auth_rw_login_records( ? )
Summary

Summary is missing!

Parameters
Parameter:Description:Optional:
? Parameter descriptions are missing! No
auth_rw_shadow( domain )
Summary

Read and write the shadow password file (/etc/shadow).

Parameters
Parameter:Description:Optional:
domain The type of the process performing this action. No
auth_search_pam_console_data( domain )
Summary

Search the contents of the pam_console data directory.

Parameters
Parameter:Description:Optional:
domain The type of the process performing this action. No
auth_setattr_login_records( ? )
Summary

Summary is missing!

Parameters
Parameter:Description:Optional:
? Parameter descriptions are missing! No
auth_tunable_read_shadow( ? )
Summary

Summary is missing!

Parameters
Parameter:Description:Optional:
? Parameter descriptions are missing! No
auth_unconfined( domain )
Summary

Unconfined access to the authlogin module.

Description

Unconfined access to the authlogin module.

Currently, this only allows assertions for the shadow passwords file (/etc/shadow) to be passed. No access is granted yet.

Parameters
Parameter:Description:Optional:
domain Domain allowed access. No
auth_use_nsswitch( domain )
Summary

Use nsswitch to look up uid-username mappings.

Parameters
Parameter:Description:Optional:
domain Domain allowed access. No
auth_write_login_records( domain )
Summary

Write to login records (wtmp).

Parameters
Parameter:Description:Optional:
domain Domain allowed access. No
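
Added example (not part of the reference policy or of this page's original text): a policy module for a hypothetical backup domain that uses the `*_except_shadow` interfaces with a caller-negated exception type, keeping both /etc/shadow and one extra type out of reach. The names `mybackup`, `mybackup_t` and `mybackup_secret_t` are assumptions made for illustration; `policy_module`, `domain_type` and `files_type` are reference policy macros from outside this module.

```selinux
policy_module(mybackup, 1.0.0)

# Hypothetical process domain for the backup tool (assumed name).
type mybackup_t;
domain_type(mybackup_t)

# Hypothetical file type that the backup tool must never read (assumed name).
type mybackup_secret_t;
files_type(mybackup_secret_t)

# Read every file and directory except the shadow passwords file and,
# additionally, anything labeled mybackup_secret_t. The interface excludes
# the shadow type itself; the caller supplies the leading "-" on each
# extra type or attribute it wants excluded.
auth_read_all_files_except_shadow(mybackup_t, -mybackup_secret_t)
auth_read_all_dirs_except_shadow(mybackup_t, -mybackup_secret_t)

# Without exceptions, the second argument is simply omitted:
#   auth_read_all_symlinks_except_shadow(mybackup_t)
auth_read_all_symlinks_except_shadow(mybackup_t)

# The tool resolves uid-username mappings while walking the tree.
auth_use_nsswitch(mybackup_t)

# A full-tree walk will stat and try to open /etc/shadow. Access stays
# denied; these two calls only suppress the resulting audit records.
auth_dontaudit_getattr_shadow(mybackup_t)
auth_dontaudit_read_shadow(mybackup_t)
```

The dontaudit calls trade log noise for visibility: shadow access attempts from this domain no longer appear in the audit log, so leave them out for any domain where such an attempt should be investigated.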

Templates:

auth_domtrans_user_chk_passwd( userdomain_prefix , domain )
Summary

Run unix_chkpwd to check a password for a user domain.

Description

Run unix_chkpwd to check a password for a user domain.

This is a templated interface, and should only be called from a per-userdomain template.

Parameters
Parameter:Description:Optional:
userdomain_prefix The prefix of the user domain (e.g., user is the prefix for user_t). No
domain The type of the process performing this action. No
authlogin_common_auth_domain_template( userdomain_prefix )
Summary

Common template to create a domain for authentication.

Description

This template creates a derived domain which is allowed to authenticate users by using PAM unix_chkpwd support.

Parameters
Parameter:Description:Optional:
userdomain_prefix The prefix of the user domain (e.g., user is the prefix for user_t). No
authlogin_per_userdomain_template( userdomain_prefix , user_domain , user_role )
Summary

The per user domain template for the authlogin module.

Description

This template creates a derived domain which is allowed to authenticate users by using PAM unix_chkpwd support. This domain will be used by any programs running in the user domain which use PAM to authenticate.

This template is invoked automatically for each user, and generally does not need to be invoked directly by policy writers.

Parameters
Parameter:Description:Optional:
userdomain_prefix The prefix of the user domain (e.g., user is the prefix for user_t). No
user_domain The type of the user domain. No
user_role The role associated with the user domain. No