Проект OpenNet: MAN pam_timestamp (8) Команды системного администрирования (FreeBSD и Linux)

Интерактивная система просмотра системных руководств (man-ов)

pam_timestamp (8)

>> pam_timestamp (8) ( Linux man: Команды системного администрирования )

NAME

pam_timestamp - authenticate using cached successful authentication attempts

SYNOPSIS

auth sufficient /lib/security/pam_timestamp.so
session optional /lib/security/pam_timestamp.so

DESCRIPTION

In a nutshell, pam_timestamp caches successful authentication attempts, and allows you to use a recent successful attempt as the basis for authentication.

When an application opens a session using pam_timestamp, a timestamp file is created in the timestampdir directory for the user. When an application attempts to authenticate the user, a pam_timestamp will treat a sufficiently- recent timestamp file as grounds for succeeding.

ARGUMENTS

debug: turns on debugging via syslog(3).
timestampdir=name: tells pam_timestamp.so where to place and search for timestamp files. This should match the directory configured for sudo(1) in the sudoers(5) file.
timestamp_timeout=number: tells pam_timestamp.so how long it should treat timestamp files as valid after their last modification date. This should match the value configured for sudo(1) in the sudoers(5) file.
verbose: attempt to inform the user when access is granted.

EXAMPLE

/etc/pam.d/some-config-tool:
auth sufficient /lib/security/pam_timestamp.so verbose auth required /lib/security/pam_unix.so
session required /lib/security/pam_permit.so session optional /lib/security/pam_timestamp.so

CAVEATS

Users can get confused when they aren't always asked for passwords when running a given program. Some users reflexively begin typing information before noticing that it's not being asked for.