Common policy for authentication and user login.
Append to the login failure log.
Parameter: | Description: | Optional: |
---|---|---|
domain | Domain allowed access. | No |
Append only to the last logins log.
Parameter: | Description: | Optional: |
---|---|---|
domain | Domain allowed access. | No |
Append to login records (wtmp).
Parameter: | Description: | Optional: |
---|---|---|
domain | Domain allowed access. | No |
Summary is missing!
Parameter: | Description: | Optional: |
---|---|---|
? | Parameter descriptions are missing! | No |
Delete pam_console data.
Parameter: | Description: | Optional: |
---|---|---|
domain | Domain allowed access. | No |
Delete pam PID files.
Parameter: | Description: | Optional: |
---|---|---|
domain | The type of the process performing this action. | No |
Run unix_chkpwd to check a password.
Parameter: | Description: | Optional: |
---|---|---|
domain | The type of the process performing this action. | No |
Execute a login_program in the target domain.
Parameter: | Description: | Optional: |
---|---|---|
domain | The type of the process performing this action. | No |
target_domain | The type of the login_program process. | No |
Execute pam programs in the pam domain.
Parameter: | Description: | Optional: |
---|---|---|
domain | The type of the process performing this action. | No |
Summary is missing!
Parameter: | Description: | Optional: |
---|---|---|
? | Parameter descriptions are missing! | No |
Execute utempter programs in the utempter domain.
Parameter: | Description: | Optional: |
---|---|---|
domain | The type of the process performing this action. | No |
Do not audit attemps to execute utempter executable.
Parameter: | Description: | Optional: |
---|---|---|
domain | Domain to not audit. | No |
Do not audit attempts to get the attributes of the shadow passwords file.
Parameter: | Description: | Optional: |
---|---|---|
domain | Domain to not audit. | No |
Do not audit attemps to read PAM pid files.
Parameter: | Description: | Optional: |
---|---|---|
domain | Domain to not audit. | No |
Do not audit attempts to read the shadow password file (/etc/shadow).
Parameter: | Description: | Optional: |
---|---|---|
domain | The type of the domain to not audit. | No |
Summary is missing!
Parameter: | Description: | Optional: |
---|---|---|
? | Parameter descriptions are missing! | No |
Execute the pam program.
Parameter: | Description: | Optional: |
---|---|---|
domain | The type of the process performing this action. | No |
Summary is missing!
Parameter: | Description: | Optional: |
---|---|---|
? | Parameter descriptions are missing! | No |
Get the attributes of the shadow passwords file.
Parameter: | Description: | Optional: |
---|---|---|
domain | The type of the process performing this action. | No |
Summary is missing!
Parameter: | Description: | Optional: |
---|---|---|
? | Parameter descriptions are missing! | No |
Use the login program as an entry point program.
Parameter: | Description: | Optional: |
---|---|---|
domain | The type of process using the login program as entry point. | No |
Manage all files on the filesystem, except the shadow passwords and listed exceptions.
Parameter: | Description: | Optional: |
---|---|---|
domain | The type of the domain perfoming this action. | No |
exception_types | The types to be excluded. Each type or attribute must be negated by the caller. | yes |
Summary is missing!
Parameter: | Description: | Optional: |
---|---|---|
? | Parameter descriptions are missing! | No |
Summary is missing!
Parameter: | Description: | Optional: |
---|---|---|
? | Parameter descriptions are missing! | No |
Summary is missing!
Parameter: | Description: | Optional: |
---|---|---|
? | Parameter descriptions are missing! | No |
Read all directories on the filesystem, except the shadow passwords and listed exceptions.
Parameter: | Description: | Optional: |
---|---|---|
domain | The type of the domain perfoming this action. | No |
exception_types | The types to be excluded. Each type or attribute must be negated by the caller. | yes |
Read all files on the filesystem, except the shadow passwords and listed exceptions.
Parameter: | Description: | Optional: |
---|---|---|
domain | The type of the domain perfoming this action. | No |
exception_types | The types to be excluded. Each type or attribute must be negated by the caller. | yes |
Read all symbolic links on the filesystem, except the shadow passwords and listed exceptions.
Parameter: | Description: | Optional: |
---|---|---|
domain | The type of the domain perfoming this action. | No |
exception_types | The types to be excluded. Each type or attribute must be negated by the caller. | yes |
Read the last logins log.
Parameter: | Description: | Optional: |
---|---|---|
domain | Domain allowed access. | No |
Summary is missing!
Parameter: | Description: | Optional: |
---|---|---|
? | Parameter descriptions are missing! | No |
Summary is missing!
Parameter: | Description: | Optional: |
---|---|---|
? | Parameter descriptions are missing! | No |
Summary is missing!
Parameter: | Description: | Optional: |
---|---|---|
? | Parameter descriptions are missing! | No |
Read the shadow passwords file (/etc/shadow)
Parameter: | Description: | Optional: |
---|---|---|
domain | The type of the process performing this action. | No |
Relabel all files on the filesystem, except the shadow passwords and listed exceptions.
Parameter: | Description: | Optional: |
---|---|---|
domain | The type of the domain perfoming this action. | No |
exception_types | The types to be excluded. Each type or attribute must be negated by the caller. | yes |
Relabel from and to the shadow password file type.
Parameter: | Description: | Optional: |
---|---|---|
domain | Domain allowed access. | No |
Relabel to the shadow password file type.
Parameter: | Description: | Optional: |
---|---|---|
domain | Domain allowed access. | No |
Execute pam programs in the PAM domain.
Parameter: | Description: | Optional: |
---|---|---|
domain | The type of the process performing this action. | No |
role | The role to allow the PAM domain. | No |
terminal | The type of the terminal allow the PAM domain to use. | No |
Execute utempter programs in the utempter domain.
Parameter: | Description: | Optional: |
---|---|---|
domain | The type of the process performing this action. | No |
role | The role to allow the utempter domain. | No |
terminal | The type of the terminal allow the utempter domain to use. | No |
Summary is missing!
Parameter: | Description: | Optional: |
---|---|---|
? | Parameter descriptions are missing! | No |
Read and write to the last logins log.
Parameter: | Description: | Optional: |
---|---|---|
domain | Domain allowed access. | No |
Summary is missing!
Parameter: | Description: | Optional: |
---|---|---|
? | Parameter descriptions are missing! | No |
Read and write the shadow password file (/etc/shadow).
Parameter: | Description: | Optional: |
---|---|---|
domain | The type of the process performing this action. | No |
Search the contents of the pam_console data directory.
Parameter: | Description: | Optional: |
---|---|---|
domain | The type of the process performing this action. | No |
Summary is missing!
Parameter: | Description: | Optional: |
---|---|---|
? | Parameter descriptions are missing! | No |
Summary is missing!
Parameter: | Description: | Optional: |
---|---|---|
? | Parameter descriptions are missing! | No |
Unconfined access to the authlogin module.
Unconfined access to the authlogin module.
Currently, this only allows assertions for the shadow passwords file (/etc/shadow) to be passed. No access is granted yet.
Parameter: | Description: | Optional: |
---|---|---|
domain | Domain allowed access. | No |
Use nsswitch to look up uid-username mappings.
Parameter: | Description: | Optional: |
---|---|---|
domain | Domain allowed access. | No |
Write to login records (wtmp).
Parameter: | Description: | Optional: |
---|---|---|
domain | Domain allowed access. | No |
Run unix_chkpwd to check a password for a user domain.
Run unix_chkpwd to check a password for a user domain.
This is a templated interface, and should only be called from a per-userdomain template.
Parameter: | Description: | Optional: |
---|---|---|
userdomain_prefix | The prefix of the user domain (e.g., user is the prefix for user_t). | No |
domain | The type of the process performing this action. | No |
Common template to create a domain for authentication.
This template creates a derived domain which is allowed to authenticate users by using PAM unix_chkpwd support.
Parameter: | Description: | Optional: |
---|---|---|
userdomain_prefix | The prefix of the user domain (e.g., user is the prefix for user_t). | No |
The per user domain template for the authlogin module.
This template creates a derived domain which is allowed to authenticate users by using PAM unix_chkpwd support. This domain will be used by any programs running in the user domain which use PAM to authenticate.
This template is invoked automatically for each user, and generally does not need to be invoked directly by policy writers.
Parameter: | Description: | Optional: |
---|---|---|
userdomain_prefix | The prefix of the user domain (e.g., user is the prefix for user_t). | No |
user_domain | The type of the user domain. | No |
user_role | The role associated with the user domain. | No |