<html> <head> <title> Security Enhanced Linux Reference Policy </title> <style type="text/css" media="all">@import "style.css";</style> </head> <body> <div id="Header">Security Enhanced Linux Reference Policy</div> <div id='Menu'> <a href="admin.html">+ admin</a></br/> <div id='subitem'> </div> <a href="apps.html">+ apps</a></br/> <div id='subitem'> </div> <a href="contrib.html">+ contrib</a></br/> <div id='subitem'> </div> <a href="kernel.html">+ kernel</a></br/> <div id='subitem'> </div> <a href="roles.html">+ roles</a></br/> <div id='subitem'> </div> <a href="services.html">+ services</a></br/> <div id='subitem'> </div> <a href="system.html">+ system</a></br/> <div id='subitem'> - <a href='system_application.html'> application</a><br/> - <a href='system_authlogin.html'> authlogin</a><br/> - <a href='system_clock.html'> clock</a><br/> - <a href='system_fstools.html'> fstools</a><br/> - <a href='system_getty.html'> getty</a><br/> - <a href='system_hostname.html'> hostname</a><br/> - <a href='system_hotplug.html'> hotplug</a><br/> - <a href='system_init.html'> init</a><br/> - <a href='system_ipsec.html'> ipsec</a><br/> - <a href='system_iptables.html'> iptables</a><br/> - <a href='system_kdbus.html'> kdbus</a><br/> - <a href='system_libraries.html'> libraries</a><br/> - <a href='system_locallogin.html'> locallogin</a><br/> - <a href='system_logging.html'> logging</a><br/> - <a href='system_lvm.html'> lvm</a><br/> - <a href='system_miscfiles.html'> miscfiles</a><br/> - <a href='system_modutils.html'> modutils</a><br/> - <a href='system_mount.html'> mount</a><br/> - <a href='system_netlabel.html'> netlabel</a><br/> - <a href='system_selinuxutil.html'> selinuxutil</a><br/> - <a href='system_setrans.html'> setrans</a><br/> - <a href='system_sysnetwork.html'> sysnetwork</a><br/> - <a href='system_systemd.html'> systemd</a><br/> - <a href='system_udev.html'> udev</a><br/> - <a href='system_unconfined.html'> unconfined</a><br/> - <a href='system_userdomain.html'> userdomain</a><br/> </div> <br/><p/> <a href="global_booleans.html">* Global Booleans </a> <br/><p/> <a href="global_tunables.html">* Global Tunables </a> <p/><br/><p/> <a href="index.html">* Layer Index</a> <br/><p/> <a href="booleans.html">* Boolean Index</a> <br/><p/> <a href="tunables.html">* Tunable Index</a> <br/><p/> <a href="interfaces.html">* Interface Index</a> <br/><p/> <a href="templates.html">* Template Index</a> </div> <div id="Content"> <a name="top":></a> <h1>Layer: system</h1><p/> <h2>Module: authlogin</h2><p/> <a href=#tunables>Tunables</a> <a href=#interfaces>Interfaces</a> <h3>Description:</h3> <p><p>Common policy for authentication and user login.</p></p> <hr> <a name="tunables"></a> <h3>Tunables: </h3> <a name="link_authlogin_nsswitch_use_ldap"></a> <div id="interface"> <div id="codeblock">authlogin_nsswitch_use_ldap</div> <div id="description"> <h5>Default value</h5> <p>false</p> <h5>Description</h5> <p> </p><p> Allow users to resolve user passwd entries directly from ldap rather then using a sssd server </p><p> </p> </div></div> <a name="link_authlogin_radius"></a> <div id="interface"> <div id="codeblock">authlogin_radius</div> <div id="description"> <h5>Default value</h5> <p>false</p> <h5>Description</h5> <p> </p><p> Allow users to login using a radius server </p><p> </p> </div></div> <a name="link_authlogin_yubikey"></a> <div id="interface"> <div id="codeblock">authlogin_yubikey</div> <div id="description"> <h5>Default value</h5> <p>false</p> <h5>Description</h5> <p> </p><p> Allow users to login using a yubikey OTP server or challenge response mode </p><p> </p> </div></div> <a href=#top>Return</a> <a name="interfaces"></a> <h3>Interfaces: </h3> <a name="link_auth_append_faillog"></a> <div id="interface"> <div id="codeblock"> <b>auth_append_faillog</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Append to the login failure log. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_auth_append_lastlog"></a> <div id="interface"> <div id="codeblock"> <b>auth_append_lastlog</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Append only to the last logins log. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_auth_append_login_records"></a> <div id="interface"> <div id="codeblock"> <b>auth_append_login_records</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Append to login records (wtmp). </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_auth_can_read_shadow_passwords"></a> <div id="interface"> <div id="codeblock"> <b>auth_can_read_shadow_passwords</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Pass shadow assertion for reading. </p> <h5>Description</h5> <p> </p><p> Pass shadow assertion for reading. This should only be used with auth_tunable_read_shadow(), and only exists because typeattribute does not work in conditionals. </p><p> </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_auth_create_cache"></a> <div id="interface"> <div id="codeblock"> <b>auth_create_cache</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Create authentication cache </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_auth_create_lastlog"></a> <div id="interface"> <div id="codeblock"> <b>auth_create_lastlog</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Manage create logins log. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_auth_create_pam_console_data_dirs"></a> <div id="interface"> <div id="codeblock"> <b>auth_create_pam_console_data_dirs</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Create pam var console pid directories. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_auth_delete_pam_console_data"></a> <div id="interface"> <div id="codeblock"> <b>auth_delete_pam_console_data</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Delete pam_console data. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_auth_delete_pam_pid"></a> <div id="interface"> <div id="codeblock"> <b>auth_delete_pam_pid</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Delete pam PID files. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_auth_domtrans_chk_passwd"></a> <div id="interface"> <div id="codeblock"> <b>auth_domtrans_chk_passwd</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Run unix_chkpwd to check a password. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed to transition. </p> </td></tr> </table> </div> </div> <a name="link_auth_domtrans_chkpwd"></a> <div id="interface"> <div id="codeblock"> <b>auth_domtrans_chkpwd</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Run unix_chkpwd to check a password. Stripped down version to be called within boolean </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed to transition. </p> </td></tr> </table> </div> </div> <a name="link_auth_domtrans_login_program"></a> <div id="interface"> <div id="codeblock"> <b>auth_domtrans_login_program</b>( domain , target_domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Execute a login_program in the target domain. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed to transition. </p> </td></tr> <tr><td> target_domain </td><td> <p> The type of the login_program process. </p> </td></tr> </table> </div> </div> <a name="link_auth_domtrans_pam"></a> <div id="interface"> <div id="codeblock"> <b>auth_domtrans_pam</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Execute pam timestamp programs in the pam timestamp domain. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed to transition. </p> </td></tr> </table> </div> </div> <a name="link_auth_domtrans_pam_console"></a> <div id="interface"> <div id="codeblock"> <b>auth_domtrans_pam_console</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Execute pam_console with a domain transition. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed to transition. </p> </td></tr> </table> </div> </div> <a name="link_auth_domtrans_pam_timestamp"></a> <div id="interface"> <div id="codeblock"> <b>auth_domtrans_pam_timestamp</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Execute pam timestamp programs in the pam timestamp domain. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed to transition. </p> </td></tr> </table> </div> </div> <a name="link_auth_domtrans_upd_passwd"></a> <div id="interface"> <div id="codeblock"> <b>auth_domtrans_upd_passwd</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Execute a domain transition to run unix_update. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed to transition. </p> </td></tr> </table> </div> </div> <a name="link_auth_domtrans_utempter"></a> <div id="interface"> <div id="codeblock"> <b>auth_domtrans_utempter</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Execute utempter programs in the utempter domain. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed to transition. </p> </td></tr> </table> </div> </div> <a name="link_auth_dontaudit_exec_utempter"></a> <div id="interface"> <div id="codeblock"> <b>auth_dontaudit_exec_utempter</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Do not audit attemps to execute utempter executable. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain to not audit. </p> </td></tr> </table> </div> </div> <a name="link_auth_dontaudit_getattr_passwd"></a> <div id="interface"> <div id="codeblock"> <b>auth_dontaudit_getattr_passwd</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Do not audit attempts to get the attributes of the passwd passwords file. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain to not audit. </p> </td></tr> </table> </div> </div> <a name="link_auth_dontaudit_getattr_shadow"></a> <div id="interface"> <div id="codeblock"> <b>auth_dontaudit_getattr_shadow</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Do not audit attempts to get the attributes of the shadow passwords file. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain to not audit. </p> </td></tr> </table> </div> </div> <a name="link_auth_dontaudit_read_login_records"></a> <div id="interface"> <div id="codeblock"> <b>auth_dontaudit_read_login_records</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Do not audit attempts to read login records files (/var/log/wtmp). </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain to not audit. </p> </td></tr> </table> </div> </div> <a name="link_auth_dontaudit_read_pam_pid"></a> <div id="interface"> <div id="codeblock"> <b>auth_dontaudit_read_pam_pid</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Do not audit attemps to read PAM PID files. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain to not audit. </p> </td></tr> </table> </div> </div> <a name="link_auth_dontaudit_read_passwd"></a> <div id="interface"> <div id="codeblock"> <b>auth_dontaudit_read_passwd</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Do not audit attempts to read the passwd password file (/etc/passwd). </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain to not audit. </p> </td></tr> </table> </div> </div> <a name="link_auth_dontaudit_read_shadow"></a> <div id="interface"> <div id="codeblock"> <b>auth_dontaudit_read_shadow</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Do not audit attempts to read the shadow password file (/etc/shadow). </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain to not audit. </p> </td></tr> </table> </div> </div> <a name="link_auth_dontaudit_write_login_records"></a> <div id="interface"> <div id="codeblock"> <b>auth_dontaudit_write_login_records</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Do not audit attempts to write to login records files. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain to not audit. </p> </td></tr> </table> </div> </div> <a name="link_auth_etc_filetrans_shadow"></a> <div id="interface"> <div id="codeblock"> <b>auth_etc_filetrans_shadow</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Automatic transition from etc to shadow. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_auth_exec_chkpwd"></a> <div id="interface"> <div id="codeblock"> <b>auth_exec_chkpwd</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Execute chkpwd in the caller domain. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed to transition. </p> </td></tr> </table> </div> </div> <a name="link_auth_exec_login_program"></a> <div id="interface"> <div id="codeblock"> <b>auth_exec_login_program</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Execute a login_program in the caller domain. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed to transition. </p> </td></tr> </table> </div> </div> <a name="link_auth_exec_pam"></a> <div id="interface"> <div id="codeblock"> <b>auth_exec_pam</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Execute the pam program. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_auth_file"></a> <div id="interface"> <div id="codeblock"> <b>auth_file</b>( type )<br> </div> <div id="description"> <h5>Summary</h5> <p> Make the specified type usable as a login file. </p> <h5>Description</h5> <p> </p><p> Make the specified type usable as a login file, This type has restricted modification capabilities when used with other interfaces that permit files_type access. The default type has properties similar to that of the shadow file. This will also make the type usable as a security file, making calls to files_security_file() redundant. </p><p> </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> type </td><td> <p> Type to be used as a login file. </p> </td></tr> </table> </div> </div> <a name="link_auth_filetrans_admin_home_content"></a> <div id="interface"> <div id="codeblock"> <b>auth_filetrans_admin_home_content</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Create auth directory in the /root directory with an correct label. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_auth_filetrans_home_content"></a> <div id="interface"> <div id="codeblock"> <b>auth_filetrans_home_content</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Create auth directory in the user home directory with an correct label. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_auth_filetrans_named_content"></a> <div id="interface"> <div id="codeblock"> <b>auth_filetrans_named_content</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Transition to authlogin named content </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_auth_getattr_passwd"></a> <div id="interface"> <div id="codeblock"> <b>auth_getattr_passwd</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Get the attributes of the passwd passwords file. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_auth_getattr_shadow"></a> <div id="interface"> <div id="codeblock"> <b>auth_getattr_shadow</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Get the attributes of the shadow passwords file. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_auth_list_pam_console_data"></a> <div id="interface"> <div id="codeblock"> <b>auth_list_pam_console_data</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> List the contents of the pam_console data directory. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_auth_log_filetrans_login_records"></a> <div id="interface"> <div id="codeblock"> <b>auth_log_filetrans_login_records</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Create a login records in the log directory using a type transition. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_auth_login_entry_type"></a> <div id="interface"> <div id="codeblock"> <b>auth_login_entry_type</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Use the login program as an entry point program. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_auth_login_manage_key"></a> <div id="interface"> <div id="codeblock"> <b>auth_login_manage_key</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Manage the keyrings of all login programs </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_auth_login_pgm_domain"></a> <div id="interface"> <div id="codeblock"> <b>auth_login_pgm_domain</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Make the specified domain used for a login program. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain type used for a login program domain. </p> </td></tr> </table> </div> </div> <a name="link_auth_login_pgm_sigchld"></a> <div id="interface"> <div id="codeblock"> <b>auth_login_pgm_sigchld</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Send a SIGCHLD signal to login programs. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_auth_manage_all_files_except_auth_files"></a> <div id="interface"> <div id="codeblock"> <b>auth_manage_all_files_except_auth_files</b>( domain , exception_types )<br> </div> <div id="description"> <h5>Summary</h5> <p> Manage all files on the filesystem, except login files passwords and listed exceptions. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> <tr><td> exception_types </td><td> <p> The types to be excluded. Each type or attribute must be negated by the caller. </p> </td></tr> </table> </div> </div> <a name="link_auth_manage_all_files_except_shadow"></a> <div id="interface"> <div id="codeblock"> <b>auth_manage_all_files_except_shadow</b>( domain , exception_types )<br> </div> <div id="description"> <h5>Summary</h5> <p> Manage all files on the filesystem, except the shadow passwords and listed exceptions. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> <tr><td> exception_types </td><td> <p> The types to be excluded. Each type or attribute must be negated by the caller. </p> </td></tr> </table> </div> </div> <a name="link_auth_manage_cache"></a> <div id="interface"> <div id="codeblock"> <b>auth_manage_cache</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Manage authentication cache </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_auth_manage_faillog"></a> <div id="interface"> <div id="codeblock"> <b>auth_manage_faillog</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Manage the login failure log. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_auth_manage_home_content"></a> <div id="interface"> <div id="codeblock"> <b>auth_manage_home_content</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Read the authorization data in the user home directory </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_auth_manage_login_records"></a> <div id="interface"> <div id="codeblock"> <b>auth_manage_login_records</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Create, read, write, and delete login records files. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_auth_manage_pam_console_data"></a> <div id="interface"> <div id="codeblock"> <b>auth_manage_pam_console_data</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Create, read, write, and delete pam_console data files. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_auth_manage_pam_pid"></a> <div id="interface"> <div id="codeblock"> <b>auth_manage_pam_pid</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Manage pam PID files. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_auth_manage_passwd"></a> <div id="interface"> <div id="codeblock"> <b>auth_manage_passwd</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Create, read, write, and delete the passwd password file. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_auth_manage_shadow"></a> <div id="interface"> <div id="codeblock"> <b>auth_manage_shadow</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Create, read, write, and delete the shadow password file. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_auth_manage_var_auth"></a> <div id="interface"> <div id="codeblock"> <b>auth_manage_var_auth</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Manage var auth files. Used by various other applications and pam applets etc. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_auth_pid_filetrans_pam_var_console"></a> <div id="interface"> <div id="codeblock"> <b>auth_pid_filetrans_pam_var_console</b>( domain , object_class , name )<br> </div> <div id="description"> <h5>Summary</h5> <p> Create specified objects in pid directories with the pam var console pid file type using a file type transition. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> <tr><td> object_class </td><td> <p> Class of the object being created. </p> </td></tr> <tr><td> name </td><td> <p> The name of the object being created. </p> </td></tr> </table> </div> </div> <a name="link_auth_ranged_domtrans_login_program"></a> <div id="interface"> <div id="codeblock"> <b>auth_ranged_domtrans_login_program</b>( domain , target_domain , range )<br> </div> <div id="description"> <h5>Summary</h5> <p> Execute a login_program in the target domain, with a range transition. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed to transition. </p> </td></tr> <tr><td> target_domain </td><td> <p> The type of the login_program process. </p> </td></tr> <tr><td> range </td><td> <p> Range of the login program. </p> </td></tr> </table> </div> </div> <a name="link_auth_read_all_dirs_except_auth_files"></a> <div id="interface"> <div id="codeblock"> <b>auth_read_all_dirs_except_auth_files</b>( domain , exception_types )<br> </div> <div id="description"> <h5>Summary</h5> <p> Read all directories on the filesystem, except login files and listed exceptions. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> <tr><td> exception_types </td><td> <p> The types to be excluded. Each type or attribute must be negated by the caller. </p> </td></tr> </table> </div> </div> <a name="link_auth_read_all_dirs_except_shadow"></a> <div id="interface"> <div id="codeblock"> <b>auth_read_all_dirs_except_shadow</b>( domain , exception_types )<br> </div> <div id="description"> <h5>Summary</h5> <p> Read all directories on the filesystem, except the shadow passwords and listed exceptions. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> <tr><td> exception_types </td><td> <p> The types to be excluded. Each type or attribute must be negated by the caller. </p> </td></tr> </table> </div> </div> <a name="link_auth_read_all_files_except_auth_files"></a> <div id="interface"> <div id="codeblock"> <b>auth_read_all_files_except_auth_files</b>( domain , exception_types )<br> </div> <div id="description"> <h5>Summary</h5> <p> Read all files on the filesystem, except login files and listed exceptions. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> <tr><td> exception_types </td><td> <p> The types to be excluded. Each type or attribute must be negated by the caller. </p> </td></tr> </table> </div> </div> <a name="link_auth_read_all_files_except_shadow"></a> <div id="interface"> <div id="codeblock"> <b>auth_read_all_files_except_shadow</b>( domain , exception_types )<br> </div> <div id="description"> <h5>Summary</h5> <p> Read all files on the filesystem, except the shadow passwords and listed exceptions. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> <tr><td> exception_types </td><td> <p> The types to be excluded. Each type or attribute must be negated by the caller. </p> </td></tr> </table> </div> </div> <a name="link_auth_read_all_symlinks_except_auth_files"></a> <div id="interface"> <div id="codeblock"> <b>auth_read_all_symlinks_except_auth_files</b>( domain , exception_types )<br> </div> <div id="description"> <h5>Summary</h5> <p> Read all symbolic links on the filesystem, except login files and listed exceptions. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> <tr><td> exception_types </td><td> <p> The types to be excluded. Each type or attribute must be negated by the caller. </p> </td></tr> </table> </div> </div> <a name="link_auth_read_all_symlinks_except_shadow"></a> <div id="interface"> <div id="codeblock"> <b>auth_read_all_symlinks_except_shadow</b>( domain , exception_types )<br> </div> <div id="description"> <h5>Summary</h5> <p> Read all symbolic links on the filesystem, except the shadow passwords and listed exceptions. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> <tr><td> exception_types </td><td> <p> The types to be excluded. Each type or attribute must be negated by the caller. </p> </td></tr> </table> </div> </div> <a name="link_auth_read_cache"></a> <div id="interface"> <div id="codeblock"> <b>auth_read_cache</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Read authentication cache </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_auth_read_home_content"></a> <div id="interface"> <div id="codeblock"> <b>auth_read_home_content</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Read the authorization data in the user home directory </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_auth_read_lastlog"></a> <div id="interface"> <div id="codeblock"> <b>auth_read_lastlog</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Read the last logins log. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_auth_read_login_records"></a> <div id="interface"> <div id="codeblock"> <b>auth_read_login_records</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Read login records files (/var/log/wtmp). </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_auth_read_pam_console_data"></a> <div id="interface"> <div id="codeblock"> <b>auth_read_pam_console_data</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Read pam_console data files. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_auth_read_pam_pid"></a> <div id="interface"> <div id="codeblock"> <b>auth_read_pam_pid</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Read PAM PID files. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_auth_read_passwd"></a> <div id="interface"> <div id="codeblock"> <b>auth_read_passwd</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Read the passwd passwords file (/etc/passwd) </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_auth_read_shadow"></a> <div id="interface"> <div id="codeblock"> <b>auth_read_shadow</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Read the shadow passwords file (/etc/shadow) </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_auth_read_var_auth"></a> <div id="interface"> <div id="codeblock"> <b>auth_read_var_auth</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Read var auth files. Used by various other applications and pam applets etc. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_auth_reader_shadow"></a> <div id="interface"> <div id="codeblock"> <b>auth_reader_shadow</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Read access to the authlogin module. </p> <h5>Description</h5> <p> </p><p> Read access to the authlogin module. </p><p> </p><p> Currently, this only allows assertions for the shadow passwords file (/etc/shadow) to be passed. No access is granted yet. </p><p> </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_auth_relabel_all_files_except_auth_files"></a> <div id="interface"> <div id="codeblock"> <b>auth_relabel_all_files_except_auth_files</b>( domain , exception_types )<br> </div> <div id="description"> <h5>Summary</h5> <p> Relabel all files on the filesystem, except login files and listed exceptions. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> <tr><td> exception_types </td><td> <p> The types to be excluded. Each type or attribute must be negated by the caller. </p> </td></tr> </table> </div> </div> <a name="link_auth_relabel_all_files_except_shadow"></a> <div id="interface"> <div id="codeblock"> <b>auth_relabel_all_files_except_shadow</b>( domain , exception_types )<br> </div> <div id="description"> <h5>Summary</h5> <p> Relabel all files on the filesystem, except the shadow passwords and listed exceptions. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> <tr><td> exception_types </td><td> <p> The types to be excluded. Each type or attribute must be negated by the caller. </p> </td></tr> </table> </div> </div> <a name="link_auth_relabel_faillog"></a> <div id="interface"> <div id="codeblock"> <b>auth_relabel_faillog</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Relabel the login failure log. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_auth_relabel_login_records"></a> <div id="interface"> <div id="codeblock"> <b>auth_relabel_login_records</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Relabel login record files. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_auth_relabel_pam_console_data_dirs"></a> <div id="interface"> <div id="codeblock"> <b>auth_relabel_pam_console_data_dirs</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Relabel pam_console data directories. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_auth_relabel_shadow"></a> <div id="interface"> <div id="codeblock"> <b>auth_relabel_shadow</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Relabel from and to the shadow password file type. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_auth_relabel_var_auth_dirs"></a> <div id="interface"> <div id="codeblock"> <b>auth_relabel_var_auth_dirs</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Relabel all var auth files. Used by various other applications and pam applets etc. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_auth_relabelto_shadow"></a> <div id="interface"> <div id="codeblock"> <b>auth_relabelto_shadow</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Relabel to the shadow password file type. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_auth_role"></a> <div id="interface"> <div id="codeblock"> <b>auth_role</b>( role , domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Role access for password authentication. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> role </td><td> <p> Role allowed access. </p> </td></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_auth_run_chk_passwd"></a> <div id="interface"> <div id="codeblock"> <b>auth_run_chk_passwd</b>( domain , role )<br> </div> <div id="description"> <h5>Summary</h5> <p> Execute chkpwd programs in the chkpwd domain. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed to transition. </p> </td></tr> <tr><td> role </td><td> <p> The role to allow the chkpwd domain. </p> </td></tr> </table> </div> </div> <a name="link_auth_run_pam"></a> <div id="interface"> <div id="codeblock"> <b>auth_run_pam</b>( domain , role )<br> </div> <div id="description"> <h5>Summary</h5> <p> Execute pam_timestamp programs in the PAM timestamp domain. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed to transition. </p> </td></tr> <tr><td> role </td><td> <p> The role to allow the PAM domain. </p> </td></tr> </table> </div> </div> <a name="link_auth_run_pam_timestamp"></a> <div id="interface"> <div id="codeblock"> <b>auth_run_pam_timestamp</b>( domain , role )<br> </div> <div id="description"> <h5>Summary</h5> <p> Execute pam_timestamp programs in the PAM timestamp domain. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed to transition. </p> </td></tr> <tr><td> role </td><td> <p> The role to allow the PAM domain. </p> </td></tr> </table> </div> </div> <a name="link_auth_run_upd_passwd"></a> <div id="interface"> <div id="codeblock"> <b>auth_run_upd_passwd</b>( domain , role )<br> </div> <div id="description"> <h5>Summary</h5> <p> Execute updpwd programs in the updpwd domain. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed to transition. </p> </td></tr> <tr><td> role </td><td> <p> The role to allow the updpwd domain. </p> </td></tr> </table> </div> </div> <a name="link_auth_run_utempter"></a> <div id="interface"> <div id="codeblock"> <b>auth_run_utempter</b>( domain , role )<br> </div> <div id="description"> <h5>Summary</h5> <p> Execute utempter programs in the utempter domain. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed to transition. </p> </td></tr> <tr><td> role </td><td> <p> The role to allow the utempter domain. </p> </td></tr> </table> </div> </div> <a name="link_auth_rw_all_files_except_auth_files"></a> <div id="interface"> <div id="codeblock"> <b>auth_rw_all_files_except_auth_files</b>( domain , exception_types )<br> </div> <div id="description"> <h5>Summary</h5> <p> Read and write all files on the filesystem, except login files and listed exceptions. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> <tr><td> exception_types </td><td> <p> The types to be excluded. Each type or attribute must be negated by the caller. </p> </td></tr> </table> </div> </div> <a name="link_auth_rw_all_files_except_shadow"></a> <div id="interface"> <div id="codeblock"> <b>auth_rw_all_files_except_shadow</b>( domain , exception_types )<br> </div> <div id="description"> <h5>Summary</h5> <p> Read and write all files on the filesystem, except the shadow passwords and listed exceptions. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> <tr><td> exception_types </td><td> <p> The types to be excluded. Each type or attribute must be negated by the caller. </p> </td></tr> </table> </div> </div> <a name="link_auth_rw_cache"></a> <div id="interface"> <div id="codeblock"> <b>auth_rw_cache</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Read/Write authentication cache </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_auth_rw_faillog"></a> <div id="interface"> <div id="codeblock"> <b>auth_rw_faillog</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Read and write the login failure log. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_auth_rw_lastlog"></a> <div id="interface"> <div id="codeblock"> <b>auth_rw_lastlog</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Read and write to the last logins log. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_auth_rw_login_records"></a> <div id="interface"> <div id="codeblock"> <b>auth_rw_login_records</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Read and write login records. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_auth_rw_shadow"></a> <div id="interface"> <div id="codeblock"> <b>auth_rw_shadow</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Read and write the shadow password file (/etc/shadow). </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_auth_rw_var_auth"></a> <div id="interface"> <div id="codeblock"> <b>auth_rw_var_auth</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Read and write var auth files. Used by various other applications and pam applets etc. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_auth_search_cache"></a> <div id="interface"> <div id="codeblock"> <b>auth_search_cache</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Search authentication cache </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_auth_search_pam_console_data"></a> <div id="interface"> <div id="codeblock"> <b>auth_search_pam_console_data</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Search the contents of the pam_console data directory. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_auth_setattr_login_records"></a> <div id="interface"> <div id="codeblock"> <b>auth_setattr_login_records</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Set the attributes of login record files. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_auth_signal_chk_passwd"></a> <div id="interface"> <div id="codeblock"> <b>auth_signal_chk_passwd</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Send generic signals to chkpwd processes. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_auth_signal_pam"></a> <div id="interface"> <div id="codeblock"> <b>auth_signal_pam</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Send generic signals to pam processes. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_auth_tunable_read_shadow"></a> <div id="interface"> <div id="codeblock"> <b>auth_tunable_read_shadow</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Read the shadow password file. </p> <h5>Description</h5> <p> </p><p> Read the shadow password file. This should only be used in a conditional; it does not pass the reading shadow assertion. </p><p> </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_auth_unconfined"></a> <div id="interface"> <div id="codeblock"> <b>auth_unconfined</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Unconfined access to the authlogin module. </p> <h5>Description</h5> <p> </p><p> Unconfined access to the authlogin module. </p><p> </p><p> Currently, this only allows assertions for the shadow passwords file (/etc/shadow) to be passed. No access is granted yet. </p><p> </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_auth_use_nsswitch"></a> <div id="interface"> <div id="codeblock"> <b>auth_use_nsswitch</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Use nsswitch to look up user, password, group, or host information. </p> <h5>Description</h5> <p> </p><p> Allow the specified domain to look up user, password, group, or host information using the name service. The most common use of this interface is for services that do host name resolution (usually DNS resolution). </p><p> </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_auth_use_pam"></a> <div id="interface"> <div id="codeblock"> <b>auth_use_pam</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Use PAM for authentication. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_auth_var_filetrans_cache"></a> <div id="interface"> <div id="codeblock"> <b>auth_var_filetrans_cache</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Automatic transition from cache_t to cache. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_auth_write_login_records"></a> <div id="interface"> <div id="codeblock"> <b>auth_write_login_records</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Write to login records (wtmp). </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_auth_writer_shadow"></a> <div id="interface"> <div id="codeblock"> <b>auth_writer_shadow</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Write access to the authlogin module. </p> <h5>Description</h5> <p> </p><p> Write access to the authlogin module. </p><p> </p><p> Currently, this only allows assertions for the shadow passwords file (/etc/shadow) to be passed. No access is granted yet. </p><p> </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_authlogin_read_state"></a> <div id="interface"> <div id="codeblock"> <b>authlogin_read_state</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Read authlogin state files. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a name="link_authlogin_rw_pipes"></a> <div id="interface"> <div id="codeblock"> <b>authlogin_rw_pipes</b>( domain )<br> </div> <div id="description"> <h5>Summary</h5> <p> Read and write a authlogin unnamed pipe. </p> <h5>Parameters</h5> <table border="1" cellspacing="0" cellpadding="3" width="65%"> <tr><th >Parameter:</th><th >Description:</th></tr> <tr><td> domain </td><td> <p> Domain allowed access. </p> </td></tr> </table> </div> </div> <a href=#top>Return</a> </div> </body> </html>
