GSP
Quick Navigator
Search Site

Unix VPS
A - Starter
B - Basic
C - Preferred
D - Commercial
MPS - Dedicated
Previous VPSs
* Sign Up! *

Support
Contact Us
Online Help
Handbooks
Domain Status
Man Pages

FAQ
Virtual Servers
Pricing
Billing
Technical

Network
Facilities
Connectivity
Topology Map

Miscellaneous
Server Agreement
Year 2038
Credits
 

USA Flag

 

 

Man Pages
PAM_PEFS(8) FreeBSD System Manager's Manual PAM_PEFS(8)

pam_pefs
pefs PAM module

[service-name] module-type control-flag pam_pefs [options]

The pefs authentication service module for PAM, pam_pefs provides functionality for two PAM categories: authentication and session management. In terms of the module-type parameter, they are the “auth” and “session” features.

Module expects pefs file system to be mounted on user home directory and fails otherwise.

The pefs authentication component provides a function to verify the identity of a user (pam_sm_authenticate()), by prompting the user for a passphrase and verifying that it exists in pefs key chain database.

The following options may be passed to the authentication module:

If the authentication module is not the first in the stack, and a previous module obtained the user's password, that password is used to authenticate the user. If this fails, the authentication module returns failure without prompting the user for a password. This option has no effect if the authentication module is the first in the stack, or if no previous modules obtained the user's password.
This option is similar to the use_first_pass option, except that if the previously obtained password fails, the user is prompted for another password.
Accept any passphrase provided by the user. This option is used not to authenticate user, but to preserve keys that should be added to pefs file system by session management module. Option is incompatible with try_first_pass option and should be used with use_first_pass option.
Remove keys at the end of last session. Module tracks the number of concurrent sessions, removing all keys from file system when session count reaches zero.

The pefs session management component provides functions to initiate (pam_sm_open_session()) and terminate (pam_sm_close_session()) sessions. The pam_sm_open_session() function adds key or key chain decrypted during the authentication phase to the pefs file system mounted on user home directory.

$HOME/.pefs.conf
pefs configuration file
$HOME/.pefs.db
pefs key chain database file

pam.conf(5), pam(8) pefs(8)

The pam_pefs module was written by Gleb Kurtsou ⟨gleb@FreeBSD.org⟩.

pam_sm_close_session() function doesn't delete keys added during by pam_sm_open_session().
December 1, 2009 FreeBSD 13.1-RELEASE
Search for    or go to Top of page |  Section 8 |  Main Index

Powered by GSP Visit the GSP FreeBSD Man Page Interface.
Output converted with ManDoc.