<html> <head> <title> Security Enhanced Linux Reference Policy </title> <style type="text/css" media="all">@import "style.css";</style> </head> <body> <div id="Header">Security Enhanced Linux Reference Policy</div> <div id='Menu'> <a href="admin.html">+ admin</a></br/> <div id='subitem'> </div> <a href="apps.html">+ apps</a></br/> <div id='subitem'> </div> <a href="kernel.html">+ kernel</a></br/> <div id='subitem'> </div> <a href="roles.html">+ roles</a></br/> <div id='subitem'> </div> <a href="services.html">+ services</a></br/> <div id='subitem'> </div> <a href="system.html">+ system</a></br/> <div id='subitem'> - <a href='system_application.html'> application</a><br/> - <a href='system_authlogin.html'> authlogin</a><br/> - <a href='system_clock.html'> clock</a><br/> - <a href='system_daemontools.html'> daemontools</a><br/> - <a href='system_fstools.html'> fstools</a><br/> - <a href='system_getty.html'> getty</a><br/> - <a href='system_hostname.html'> hostname</a><br/> - <a href='system_hotplug.html'> hotplug</a><br/> - <a href='system_init.html'> init</a><br/> - <a href='system_ipsec.html'> ipsec</a><br/> - <a href='system_iptables.html'> iptables</a><br/> - <a href='system_iscsi.html'> iscsi</a><br/> - <a href='system_kdump.html'> kdump</a><br/> - <a href='system_libraries.html'> libraries</a><br/> - <a href='system_locallogin.html'> locallogin</a><br/> - <a href='system_logging.html'> logging</a><br/> - <a href='system_lvm.html'> lvm</a><br/> - <a href='system_miscfiles.html'> miscfiles</a><br/> - <a href='system_modutils.html'> modutils</a><br/> - <a href='system_mount.html'> mount</a><br/> - <a href='system_netlabel.html'> netlabel</a><br/> - <a href='system_pcmcia.html'> pcmcia</a><br/> - <a href='system_raid.html'> raid</a><br/> - <a href='system_selinuxutil.html'> selinuxutil</a><br/> - <a href='system_setrans.html'> setrans</a><br/> - <a href='system_sosreport.html'> sosreport</a><br/> - <a href='system_sysnetwork.html'> sysnetwork</a><br/> - <a href='system_udev.html'> udev</a><br/> - <a href='system_unconfined.html'> unconfined</a><br/> - <a href='system_userdomain.html'> userdomain</a><br/> - <a href='system_xen.html'> xen</a><br/> </div> <br/><p/> <a href="global_booleans.html">* Global Booleans </a> <br/><p/> <a href="global_tunables.html">* Global Tunables </a> <p/><br/><p/> <a href="index.html">* Layer Index</a> <br/><p/> <a href="booleans.html">* Boolean Index</a> <br/><p/> <a href="tunables.html">* Tunable Index</a> <br/><p/> <a href="interfaces.html">* Interface Index</a> <br/><p/> <a href="templates.html">* Template Index</a> </div> <div id="Content"> <a name="top":></a> <h1>Layer: system</h1><p/> <h2>Module: authlogin</h2><p/> <a href=#tunables>Tunables</a> <a href=#interfaces>Interfaces</a> <h3>Description:</h3> <p><p>Common policy for authentication and user login.</p></p> <hr> <a name="tunables"></a> <h3>Tunables: </h3> <a name="link_authlogin_radius"></a> <div id="interface"> <div id="codeblock">authlogin_radius</div> <div id="description"> <h5>Default value</h5> <p>false</p> <h5>Description</h5> <p> </p><p> Allow users to login using a radius server </p><p> </p> </div></div> <a href=#top>Return</a> <a name="interfaces"></a> <h3>Interfaces: </h3> <a name="link_auth_append_faillog"></a> <div id="interface"> <div id="codeblock"> <b>auth_append_faillog</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Append to the login failure log. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_auth_append_lastlog"></a> <div id="interface"> <div id="codeblock"> <b>auth_append_lastlog</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Append only to the last logins log. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_auth_append_login_records"></a> <div id="interface"> <div id="codeblock"> <b>auth_append_login_records</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Append to login records (wtmp). </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_auth_can_read_shadow_passwords"></a> <div id="interface"> <div id="codeblock"> <b>auth_can_read_shadow_passwords</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Pass shadow assertion for reading. </p> <h5>Description</h5> <p> </p><p> Pass shadow assertion for reading. This should only be used with auth_tunable_read_shadow(), and only exists because typeattribute does not work in conditionals. </p><p> </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_auth_delete_pam_console_data"></a> <div id="interface"> <div id="codeblock"> <b>auth_delete_pam_console_data</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Delete pam_console data. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_auth_delete_pam_pid"></a> <div id="interface"> <div id="codeblock"> <b>auth_delete_pam_pid</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Delete pam PID files. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_auth_domtrans_chk_passwd"></a> <div id="interface"> <div id="codeblock"> <b>auth_domtrans_chk_passwd</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Run unix_chkpwd to check a password. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_auth_domtrans_chkpwd"></a> <div id="interface"> <div id="codeblock"> <b>auth_domtrans_chkpwd</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Run unix_chkpwd to check a password. Stripped down version to be called within boolean </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_auth_domtrans_login_program"></a> <div id="interface"> <div id="codeblock"> <b>auth_domtrans_login_program</b>( domain , target_domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Execute a login_program in the target domain. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> <tr><td> target_domain </td><td> <p> The type of the login_program process. </p> </td></tr> </table> </div> </div> <a name="link_auth_domtrans_pam"></a> <div id="interface"> <div id="codeblock"> <b>auth_domtrans_pam</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Execute pam programs in the pam domain. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_auth_domtrans_pam_console"></a> <div id="interface"> <div id="codeblock"> <b>auth_domtrans_pam_console</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Execute pam_console with a domain transition. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_auth_domtrans_upd_passwd"></a> <div id="interface"> <div id="codeblock"> <b>auth_domtrans_upd_passwd</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Execute a domain transition to run unix_update. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed to transition. </p> </td></tr> </table> </div> </div> <a name="link_auth_domtrans_utempter"></a> <div id="interface"> <div id="codeblock"> <b>auth_domtrans_utempter</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Execute utempter programs in the utempter domain. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_auth_dontaudit_exec_utempter"></a> <div id="interface"> <div id="codeblock"> <b>auth_dontaudit_exec_utempter</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Do not audit attemps to execute utempter executable. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain to not audit. </p> </td></tr> </table> </div> </div> <a name="link_auth_dontaudit_getattr_shadow"></a> <div id="interface"> <div id="codeblock"> <b>auth_dontaudit_getattr_shadow</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Do not audit attempts to get the attributes of the shadow passwords file. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain to not audit. </p> </td></tr> </table> </div> </div> <a name="link_auth_dontaudit_read_login_records"></a> <div id="interface"> <div id="codeblock"> <b>auth_dontaudit_read_login_records</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Do not audit attempts to read login records files (/var/log/wtmp). </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_auth_dontaudit_read_pam_pid"></a> <div id="interface"> <div id="codeblock"> <b>auth_dontaudit_read_pam_pid</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Do not audit attemps to read PAM PID files. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain to not audit. </p> </td></tr> </table> </div> </div> <a name="link_auth_dontaudit_read_shadow"></a> <div id="interface"> <div id="codeblock"> <b>auth_dontaudit_read_shadow</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Do not audit attempts to read the shadow password file (/etc/shadow). </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> The type of the domain to not audit. </p> </td></tr> </table> </div> </div> <a name="link_auth_dontaudit_write_login_records"></a> <div id="interface"> <div id="codeblock"> <b>auth_dontaudit_write_login_records</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Do not audit attempts to write to login records files. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain to not audit. </p> </td></tr> </table> </div> </div> <a name="link_auth_etc_filetrans_shadow"></a> <div id="interface"> <div id="codeblock"> <b>auth_etc_filetrans_shadow</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Automatic transition from etc to shadow. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_auth_exec_pam"></a> <div id="interface"> <div id="codeblock"> <b>auth_exec_pam</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Execute the pam program. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_auth_getattr_shadow"></a> <div id="interface"> <div id="codeblock"> <b>auth_getattr_shadow</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Get the attributes of the shadow passwords file. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_auth_list_pam_console_data"></a> <div id="interface"> <div id="codeblock"> <b>auth_list_pam_console_data</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> List the contents of the pam_console data directory. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_auth_log_filetrans_login_records"></a> <div id="interface"> <div id="codeblock"> <b>auth_log_filetrans_login_records</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Create a login records in the log directory using a type transition. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_auth_login_entry_type"></a> <div id="interface"> <div id="codeblock"> <b>auth_login_entry_type</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Use the login program as an entry point program. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> The type of process using the login program as entry point. </p> </td></tr> </table> </div> </div> <a name="link_auth_login_pgm_domain"></a> <div id="interface"> <div id="codeblock"> <b>auth_login_pgm_domain</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Make the specified domain used for a login program. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain type used for a login program domain. </p> </td></tr> </table> </div> </div> <a name="link_auth_manage_all_files_except_shadow"></a> <div id="interface"> <div id="codeblock"> <b>auth_manage_all_files_except_shadow</b>( domain , exception_types )<br> </div> <div id="description"> <h5>Summary</h5> <p> Manage all files on the filesystem, except the shadow passwords and listed exceptions. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> The type of the domain perfoming this action. </p> </td></tr> <tr><td> exception_types </td><td> <p> The types to be excluded. Each type or attribute must be negated by the caller. </p> </td></tr> </table> </div> </div> <a name="link_auth_manage_cache"></a> <div id="interface"> <div id="codeblock"> <b>auth_manage_cache</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Manage authentication cache </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_auth_manage_faillog"></a> <div id="interface"> <div id="codeblock"> <b>auth_manage_faillog</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Manage the login failure log. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_auth_manage_login_records"></a> <div id="interface"> <div id="codeblock"> <b>auth_manage_login_records</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Create, read, write, and delete login records files. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_auth_manage_pam_console_data"></a> <div id="interface"> <div id="codeblock"> <b>auth_manage_pam_console_data</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Create, read, write, and delete pam_console data files. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_auth_manage_pam_pid"></a> <div id="interface"> <div id="codeblock"> <b>auth_manage_pam_pid</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Manage pam PID files. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_auth_manage_shadow"></a> <div id="interface"> <div id="codeblock"> <b>auth_manage_shadow</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Create, read, write, and delete the shadow password file. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_auth_manage_var_auth"></a> <div id="interface"> <div id="codeblock"> <b>auth_manage_var_auth</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Manage var auth files. Used by various other applications and pam applets etc. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_auth_ranged_domtrans_login_program"></a> <div id="interface"> <div id="codeblock"> <b>auth_ranged_domtrans_login_program</b>( domain , target_domain , range )<br> </div> <div id="description"> <h5>Summary</h5> <p> Execute a login_program in the target domain, with a range transition. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> <tr><td> target_domain </td><td> <p> The type of the login_program process. </p> </td></tr> <tr><td> range </td><td> <p> Range of the login program. </p> </td></tr> </table> </div> </div> <a name="link_auth_read_all_dirs_except_shadow"></a> <div id="interface"> <div id="codeblock"> <b>auth_read_all_dirs_except_shadow</b>( domain , exception_types )<br> </div> <div id="description"> <h5>Summary</h5> <p> Read all directories on the filesystem, except the shadow passwords and listed exceptions. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> The type of the domain perfoming this action. </p> </td></tr> <tr><td> exception_types </td><td> <p> The types to be excluded. Each type or attribute must be negated by the caller. </p> </td></tr> </table> </div> </div> <a name="link_auth_read_all_files_except_shadow"></a> <div id="interface"> <div id="codeblock"> <b>auth_read_all_files_except_shadow</b>( domain , exception_types )<br> </div> <div id="description"> <h5>Summary</h5> <p> Read all files on the filesystem, except the shadow passwords and listed exceptions. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> The type of the domain perfoming this action. </p> </td></tr> <tr><td> exception_types </td><td> <p> The types to be excluded. Each type or attribute must be negated by the caller. </p> </td></tr> </table> </div> </div> <a name="link_auth_read_all_symlinks_except_shadow"></a> <div id="interface"> <div id="codeblock"> <b>auth_read_all_symlinks_except_shadow</b>( domain , exception_types )<br> </div> <div id="description"> <h5>Summary</h5> <p> Read all symbolic links on the filesystem, except the shadow passwords and listed exceptions. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> The type of the domain perfoming this action. </p> </td></tr> <tr><td> exception_types </td><td> <p> The types to be excluded. Each type or attribute must be negated by the caller. </p> </td></tr> </table> </div> </div> <a name="link_auth_read_cache"></a> <div id="interface"> <div id="codeblock"> <b>auth_read_cache</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Read authentication cache </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_auth_read_lastlog"></a> <div id="interface"> <div id="codeblock"> <b>auth_read_lastlog</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Read the last logins log. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_auth_read_login_records"></a> <div id="interface"> <div id="codeblock"> <b>auth_read_login_records</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Read login records files (/var/log/wtmp). </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_auth_read_pam_console_data"></a> <div id="interface"> <div id="codeblock"> <b>auth_read_pam_console_data</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Read pam_console data files. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_auth_read_pam_pid"></a> <div id="interface"> <div id="codeblock"> <b>auth_read_pam_pid</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Read PAM PID files. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_auth_read_shadow"></a> <div id="interface"> <div id="codeblock"> <b>auth_read_shadow</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Read the shadow passwords file (/etc/shadow) </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_auth_relabel_all_files_except_shadow"></a> <div id="interface"> <div id="codeblock"> <b>auth_relabel_all_files_except_shadow</b>( domain , exception_types )<br> </div> <div id="description"> <h5>Summary</h5> <p> Relabel all files on the filesystem, except the shadow passwords and listed exceptions. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> The type of the domain perfoming this action. </p> </td></tr> <tr><td> exception_types </td><td> <p> The types to be excluded. Each type or attribute must be negated by the caller. </p> </td></tr> </table> </div> </div> <a name="link_auth_relabel_shadow"></a> <div id="interface"> <div id="codeblock"> <b>auth_relabel_shadow</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Relabel from and to the shadow password file type. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_auth_relabelto_shadow"></a> <div id="interface"> <div id="codeblock"> <b>auth_relabelto_shadow</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Relabel to the shadow password file type. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_auth_role"></a> <div id="interface"> <div id="codeblock"> <b>auth_role</b>( role , domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Role access for password authentication. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> role </td><td> <p> Role allowed access. </p> </td></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_auth_run_chk_passwd"></a> <div id="interface"> <div id="codeblock"> <b>auth_run_chk_passwd</b>( domain , role )<br> </div> <div id="description"> <h5>Summary</h5> <p> Execute chkpwd programs in the chkpwd domain. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> <tr><td> role </td><td> <p> The role to allow the chkpwd domain. </p> </td></tr> </table> </div> </div> <a name="link_auth_run_pam"></a> <div id="interface"> <div id="codeblock"> <b>auth_run_pam</b>( domain , role )<br> </div> <div id="description"> <h5>Summary</h5> <p> Execute pam programs in the PAM domain. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> <tr><td> role </td><td> <p> The role to allow the PAM domain. </p> </td></tr> </table> </div> </div> <a name="link_auth_run_upd_passwd"></a> <div id="interface"> <div id="codeblock"> <b>auth_run_upd_passwd</b>( domain , role )<br> </div> <div id="description"> <h5>Summary</h5> <p> Execute updpwd programs in the updpwd domain. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> <tr><td> role </td><td> <p> The role to allow the updpwd domain. </p> </td></tr> </table> </div> </div> <a name="link_auth_run_utempter"></a> <div id="interface"> <div id="codeblock"> <b>auth_run_utempter</b>( domain , role )<br> </div> <div id="description"> <h5>Summary</h5> <p> Execute utempter programs in the utempter domain. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> <tr><td> role </td><td> <p> The role to allow the utempter domain. </p> </td></tr> </table> </div> </div> <a name="link_auth_rw_all_files_except_shadow"></a> <div id="interface"> <div id="codeblock"> <b>auth_rw_all_files_except_shadow</b>( domain , exception_types )<br> </div> <div id="description"> <h5>Summary</h5> <p> Read and write all files on the filesystem, except the shadow passwords and listed exceptions. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> The type of the domain perfoming this action. </p> </td></tr> <tr><td> exception_types </td><td> <p> The types to be excluded. Each type or attribute must be negated by the caller. </p> </td></tr> </table> </div> </div> <a name="link_auth_rw_cache"></a> <div id="interface"> <div id="codeblock"> <b>auth_rw_cache</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Read/Write authentication cache </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_auth_rw_faillog"></a> <div id="interface"> <div id="codeblock"> <b>auth_rw_faillog</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Read and write the login failure log. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_auth_rw_lastlog"></a> <div id="interface"> <div id="codeblock"> <b>auth_rw_lastlog</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Read and write to the last logins log. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_auth_rw_login_records"></a> <div id="interface"> <div id="codeblock"> <b>auth_rw_login_records</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Read and write login records. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_auth_rw_shadow"></a> <div id="interface"> <div id="codeblock"> <b>auth_rw_shadow</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Read and write the shadow password file (/etc/shadow). </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_auth_search_cache"></a> <div id="interface"> <div id="codeblock"> <b>auth_search_cache</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Search authentication cache </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_auth_search_pam_console_data"></a> <div id="interface"> <div id="codeblock"> <b>auth_search_pam_console_data</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Search the contents of the pam_console data directory. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_auth_setattr_login_records"></a> <div id="interface"> <div id="codeblock"> <b>auth_setattr_login_records</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Set the attributes of login record files. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_auth_signal_pam"></a> <div id="interface"> <div id="codeblock"> <b>auth_signal_pam</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Send generic signals to pam processes. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_auth_tunable_read_shadow"></a> <div id="interface"> <div id="codeblock"> <b>auth_tunable_read_shadow</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Read the shadow password file. </p> <h5>Description</h5> <p> </p><p> Read the shadow password file. This should only be used in a conditional; it does not pass the reading shadow assertion. </p><p> </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_auth_unconfined"></a> <div id="interface"> <div id="codeblock"> <b>auth_unconfined</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Unconfined access to the authlogin module. </p> <h5>Description</h5> <p> </p><p> Unconfined access to the authlogin module. </p><p> </p><p> Currently, this only allows assertions for the shadow passwords file (/etc/shadow) to be passed. No access is granted yet. </p><p> </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_auth_use_nsswitch"></a> <div id="interface"> <div id="codeblock"> <b>auth_use_nsswitch</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Use nsswitch to look up user, password, group, or host information. </p> <h5>Description</h5> <p> </p><p> Allow the specified domain to look up user, password, group, or host information using the name service. The most common use of this interface is for services that do host name resolution (usually DNS resolution). </p><p> </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_auth_use_pam"></a> <div id="interface"> <div id="codeblock"> <b>auth_use_pam</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Use PAM for authentication. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_auth_var_filetrans_cache"></a> <div id="interface"> <div id="codeblock"> <b>auth_var_filetrans_cache</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Automatic transition from cache_t to cache. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_auth_write_login_records"></a> <div id="interface"> <div id="codeblock"> <b>auth_write_login_records</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Write to login records (wtmp). </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a href=#top>Return</a> </div> </body> </html>