selinux-policy/www/api-docs/system_authlogin.html
2005-09-22 18:40:05 +00:00

1870 lines
24 KiB
HTML

<html>
<head>
<title>
Security Enhanced Linux Reference Policy
</title>
<style type="text/css" media="all">@import "style.css";</style>
</head>
<body>
<div id="Header">Security Enhanced Linux Reference Policy</div>
<div id='Menu'>
<a href="admin.html">+&nbsp;
admin</a></br/>
<div id='subitem'>
</div>
<a href="apps.html">+&nbsp;
apps</a></br/>
<div id='subitem'>
</div>
<a href="kernel.html">+&nbsp;
kernel</a></br/>
<div id='subitem'>
</div>
<a href="services.html">+&nbsp;
services</a></br/>
<div id='subitem'>
</div>
<a href="system.html">+&nbsp;
system</a></br/>
<div id='subitem'>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_authlogin.html'>
authlogin</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_clock.html'>
clock</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_corecommands.html'>
corecommands</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_domain.html'>
domain</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_files.html'>
files</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_fstools.html'>
fstools</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_getty.html'>
getty</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_hostname.html'>
hostname</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_hotplug.html'>
hotplug</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_init.html'>
init</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_ipsec.html'>
ipsec</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_iptables.html'>
iptables</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_libraries.html'>
libraries</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_locallogin.html'>
locallogin</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_logging.html'>
logging</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_lvm.html'>
lvm</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_miscfiles.html'>
miscfiles</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_modutils.html'>
modutils</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_mount.html'>
mount</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_pcmcia.html'>
pcmcia</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_raid.html'>
raid</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_selinuxutil.html'>
selinuxutil</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_sysnetwork.html'>
sysnetwork</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_udev.html'>
udev</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_unconfined.html'>
unconfined</a><br/>
&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_userdomain.html'>
userdomain</a><br/>
</div>
<br/><p/>
<a href="global_booleans.html">*&nbsp;Global&nbsp;Booleans&nbsp;</a>
<br/><p/>
<a href="global_tunables.html">*&nbsp;Global&nbsp;Tunables&nbsp;</a>
<p/><br/><p/>
<a href="index.html">*&nbsp;Layer Index</a>
<br/><p/>
<a href="interfaces.html">*&nbsp;Interface&nbsp;Index</a>
<br/><p/>
<a href="templates.html">*&nbsp;Template&nbsp;Index</a>
</div>
<div id="Content">
<a name="top":></a>
<h1>Layer: system</h1><p/>
<h2>Module: authlogin</h2><p/>
<a href=#interfaces>Interfaces</a>
<a href=#templates>Templates</a>
<h3>Description:</h3>
<p><p>Common policy for authentication and user login.</p></p>
<a name="interfaces"></a>
<h3>Interfaces: </h3>
<a name="link_auth_append_faillog"></a>
<div id="interface">
<div id="codeblock">
<b>auth_append_faillog</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Append to the login failure log.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
domain
</td><td>
Domain allowed access.
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a name="link_auth_create_login_records"></a>
<div id="interface">
<div id="codeblock">
<b>auth_create_login_records</b>(
?
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Summary is missing!
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
?
</td><td>
Parameter descriptions are missing!
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a name="link_auth_delete_pam_console_data"></a>
<div id="interface">
<div id="codeblock">
<b>auth_delete_pam_console_data</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Delete pam_console data.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
domain
</td><td>
Domain allowed access.
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a name="link_auth_delete_pam_pid"></a>
<div id="interface">
<div id="codeblock">
<b>auth_delete_pam_pid</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Delete pam PID files.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
domain
</td><td>
The type of the process performing this action.
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a name="link_auth_domtrans_chk_passwd"></a>
<div id="interface">
<div id="codeblock">
<b>auth_domtrans_chk_passwd</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Run unix_chkpwd to check a password.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
domain
</td><td>
The type of the process performing this action.
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a name="link_auth_domtrans_login_program"></a>
<div id="interface">
<div id="codeblock">
<b>auth_domtrans_login_program</b>(
domain
,
target_domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Execute a login_program in the target domain.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
domain
</td><td>
The type of the process performing this action.
</td><td>
No
</td></tr>
<tr><td>
target_domain
</td><td>
The type of the login_program process.
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a name="link_auth_domtrans_pam"></a>
<div id="interface">
<div id="codeblock">
<b>auth_domtrans_pam</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Execute pam programs in the pam domain.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
domain
</td><td>
The type of the process performing this action.
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a name="link_auth_domtrans_pam_console"></a>
<div id="interface">
<div id="codeblock">
<b>auth_domtrans_pam_console</b>(
?
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Summary is missing!
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
?
</td><td>
Parameter descriptions are missing!
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a name="link_auth_domtrans_utempter"></a>
<div id="interface">
<div id="codeblock">
<b>auth_domtrans_utempter</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Execute utempter programs in the utempter domain.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
domain
</td><td>
The type of the process performing this action.
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a name="link_auth_dontaudit_getattr_shadow"></a>
<div id="interface">
<div id="codeblock">
<b>auth_dontaudit_getattr_shadow</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Do not audit attempts to get the attributes
of the shadow passwords file.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
domain
</td><td>
Domain to not audit.
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a name="link_auth_dontaudit_read_shadow"></a>
<div id="interface">
<div id="codeblock">
<b>auth_dontaudit_read_shadow</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Do not audit attempts to read the shadow
password file (/etc/shadow).
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
domain
</td><td>
The type of the domain to not audit.
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a name="link_auth_dontaudit_write_login_records"></a>
<div id="interface">
<div id="codeblock">
<b>auth_dontaudit_write_login_records</b>(
?
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Summary is missing!
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
?
</td><td>
Parameter descriptions are missing!
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a name="link_auth_exec_pam"></a>
<div id="interface">
<div id="codeblock">
<b>auth_exec_pam</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Execute the pam program.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
domain
</td><td>
The type of the process performing this action.
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a name="link_auth_getattr_shadow"></a>
<div id="interface">
<div id="codeblock">
<b>auth_getattr_shadow</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Get the attributes of the shadow passwords file.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
domain
</td><td>
The type of the process performing this action.
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a name="link_auth_list_pam_console_data"></a>
<div id="interface">
<div id="codeblock">
<b>auth_list_pam_console_data</b>(
?
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Summary is missing!
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
?
</td><td>
Parameter descriptions are missing!
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a name="link_auth_login_entry_type"></a>
<div id="interface">
<div id="codeblock">
<b>auth_login_entry_type</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Use the login program as an entry point program.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
domain
</td><td>
The type of process using the login program as entry point.
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a name="link_auth_manage_all_files_except_shadow"></a>
<div id="interface">
<div id="codeblock">
<b>auth_manage_all_files_except_shadow</b>(
domain
,
[
exception_types
]
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Manage all files on the filesystem, except
the shadow passwords and listed exceptions.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
domain
</td><td>
The type of the domain perfoming this action.
</td><td>
No
</td></tr>
<tr><td>
exception_types
</td><td>
The types to be excluded. Each type or attribute
must be negated by the caller.
</td><td>
yes
</td></tr>
</table>
</div>
</div>
<a name="link_auth_manage_login_records"></a>
<div id="interface">
<div id="codeblock">
<b>auth_manage_login_records</b>(
?
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Summary is missing!
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
?
</td><td>
Parameter descriptions are missing!
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a name="link_auth_manage_pam_console_data"></a>
<div id="interface">
<div id="codeblock">
<b>auth_manage_pam_console_data</b>(
?
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Summary is missing!
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
?
</td><td>
Parameter descriptions are missing!
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a name="link_auth_manage_shadow"></a>
<div id="interface">
<div id="codeblock">
<b>auth_manage_shadow</b>(
?
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Summary is missing!
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
?
</td><td>
Parameter descriptions are missing!
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a name="link_auth_read_login_records"></a>
<div id="interface">
<div id="codeblock">
<b>auth_read_login_records</b>(
?
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Summary is missing!
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
?
</td><td>
Parameter descriptions are missing!
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a name="link_auth_read_pam_console_data"></a>
<div id="interface">
<div id="codeblock">
<b>auth_read_pam_console_data</b>(
?
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Summary is missing!
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
?
</td><td>
Parameter descriptions are missing!
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a name="link_auth_read_pam_pid"></a>
<div id="interface">
<div id="codeblock">
<b>auth_read_pam_pid</b>(
?
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Summary is missing!
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
?
</td><td>
Parameter descriptions are missing!
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a name="link_auth_read_shadow"></a>
<div id="interface">
<div id="codeblock">
<b>auth_read_shadow</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Read the shadow passwords file (/etc/shadow)
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
domain
</td><td>
The type of the process performing this action.
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a name="link_auth_relabel_all_files_except_shadow"></a>
<div id="interface">
<div id="codeblock">
<b>auth_relabel_all_files_except_shadow</b>(
domain
,
[
exception_types
]
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Relabel all files on the filesystem, except
the shadow passwords and listed exceptions.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
domain
</td><td>
The type of the domain perfoming this action.
</td><td>
No
</td></tr>
<tr><td>
exception_types
</td><td>
The types to be excluded. Each type or attribute
must be negated by the caller.
</td><td>
yes
</td></tr>
</table>
</div>
</div>
<a name="link_auth_relabelto_shadow"></a>
<div id="interface">
<div id="codeblock">
<b>auth_relabelto_shadow</b>(
?
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Summary is missing!
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
?
</td><td>
Parameter descriptions are missing!
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a name="link_auth_run_pam"></a>
<div id="interface">
<div id="codeblock">
<b>auth_run_pam</b>(
domain
,
role
,
terminal
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Execute pam programs in the PAM domain.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
domain
</td><td>
The type of the process performing this action.
</td><td>
No
</td></tr>
<tr><td>
role
</td><td>
The role to allow the PAM domain.
</td><td>
No
</td></tr>
<tr><td>
terminal
</td><td>
The type of the terminal allow the PAM domain to use.
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a name="link_auth_run_utempter"></a>
<div id="interface">
<div id="codeblock">
<b>auth_run_utempter</b>(
domain
,
role
,
terminal
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Execute utempter programs in the utempter domain.
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
domain
</td><td>
The type of the process performing this action.
</td><td>
No
</td></tr>
<tr><td>
role
</td><td>
The role to allow the utempter domain.
</td><td>
No
</td></tr>
<tr><td>
terminal
</td><td>
The type of the terminal allow the utempter domain to use.
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a name="link_auth_rw_faillog"></a>
<div id="interface">
<div id="codeblock">
<b>auth_rw_faillog</b>(
?
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Summary is missing!
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
?
</td><td>
Parameter descriptions are missing!
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a name="link_auth_rw_lastlog"></a>
<div id="interface">
<div id="codeblock">
<b>auth_rw_lastlog</b>(
?
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Summary is missing!
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
?
</td><td>
Parameter descriptions are missing!
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a name="link_auth_rw_login_records"></a>
<div id="interface">
<div id="codeblock">
<b>auth_rw_login_records</b>(
?
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Summary is missing!
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
?
</td><td>
Parameter descriptions are missing!
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a name="link_auth_rw_shadow"></a>
<div id="interface">
<div id="codeblock">
<b>auth_rw_shadow</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Read and write the shadow password file (/etc/shadow).
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
domain
</td><td>
The type of the process performing this action.
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a name="link_auth_unconfined"></a>
<div id="interface">
<div id="codeblock">
<b>auth_unconfined</b>(
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Unconfined access to the authlogin module.
</p>
<h5>Description</h5>
<p>
</p><p>
Unconfined access to the authlogin module.
</p><p>
</p><p>
Currently, this only allows assertions for
the shadow passwords file (/etc/shadow) to
be passed. No access is granted yet.
</p><p>
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
domain
</td><td>
Domain allowed access.
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a href=#top>Return</a>
<a name="templates"></a>
<h3>Templates: </h3>
<a name="link_auth_domtrans_user_chk_passwd"></a>
<div id="template">
<div id="codeblock">
<b>auth_domtrans_user_chk_passwd</b>(
userdomain_prefix
,
domain
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
Run unix_chkpwd to check a password
for a user domain.
</p>
<h5>Description</h5>
<p>
</p><p>
Run unix_chkpwd to check a password
for a user domain.
</p><p>
</p><p>
This is a templated interface, and should only
be called from a per-userdomain template.
</p><p>
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
userdomain_prefix
</td><td>
The prefix of the user domain (e.g., user
is the prefix for user_t).
</td><td>
No
</td></tr>
<tr><td>
domain
</td><td>
The type of the process performing this action.
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a name="link_authlogin_per_userdomain_template"></a>
<div id="template">
<div id="codeblock">
<b>authlogin_per_userdomain_template</b>(
userdomain_prefix
,
user_domain
,
user_role
)<br>
</div>
<div id="description">
<h5>Summary</h5>
<p>
The per user domain template for the authlogin module.
</p>
<h5>Description</h5>
<p>
</p><p>
This template creates a derived domain which is allowed
to authenticate users by using PAM unix_chkpwd support.
This domain will be used by any programs running in the
user domain which use PAM to authenticate.
</p><p>
</p><p>
This template is invoked automatically for each user, and
generally does not need to be invoked directly
by policy writers.
</p><p>
</p>
<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>
<tr><td>
userdomain_prefix
</td><td>
The prefix of the user domain (e.g., user
is the prefix for user_t).
</td><td>
No
</td></tr>
<tr><td>
user_domain
</td><td>
The type of the user domain.
</td><td>
No
</td></tr>
<tr><td>
user_role
</td><td>
The role associated with the user domain.
</td><td>
No
</td></tr>
</table>
</div>
</div>
<a href=#top>Return</a>
</div>
</body>
</html>