PAM_TIMESTAMP(8) | Linux-PAM Manual | PAM_TIMESTAMP(8) |
pam_timestamp - Authenticate using cached successful authentication attempts
pam_timestamp.so [timestampdir=directory] [timestamp_timeout=number] [verbose] [debug]
In a nutshell, pam_timestamp caches successful authentication attempts, and allows you to use a recent successful attempt as the basis for authentication. This is similar mechanism which is used in sudo.
When an application opens a session using pam_timestamp, a timestamp file is created in the timestampdir directory for the user. When an application attempts to authenticate the user, a pam_timestamp will treat a sufficiently recent timestamp file as grounds for succeeding.
The default encryption hash is taken from the HMAC_CRYPTO_ALGO variable from /etc/login.defs.
timestampdir=directory
timestamp_timeout=number
verbose
debug
The auth and session module types are provided.
PAM_AUTH_ERR
PAM_SUCCESS
PAM_SESSION_ERR
Users can get confused when they are not always asked for passwords when running a given program. Some users reflexively begin typing information before noticing that it is not being asked for.
auth sufficient pam_timestamp.so verbose auth required pam_unix.so session required pam_unix.so session optional pam_timestamp.so
/var/run/pam_timestamp/...
pam_timestamp was written by Nalin Dahyabhai.
09/03/2021 | Linux-PAM Manual |