- NetBSD Manual Pages
PAM_KSU(8) NetBSD System Manager's Manual PAM_KSU(8)
Powered by man-cgi (2021-06-01).
Maintained for NetBSD
by Kimmo Suominen.
Based on man-cgi by Panagiotis Christias.
pam_ksu -- Kerberos 5 SU PAM module
[service-name] module-type control-flag pam_ksu [options]
The Kerberos 5 SU authentication service module for PAM provides func-
tionality for only one PAM category: authentication. In terms of the
module-type parameter, this is the ``auth'' feature. The module is
specifically designed to be used with the su(1) utility.
Kerberos 5 SU Authentication Module
The Kerberos 5 SU authentication component provides functions to verify
the identity of a user (pam_sm_authenticate()), and determine whether or
not the user is authorized to obtain the privileges of the target
account. If the target account is ``root'', then the Kerberos 5 princi-
pal used for authentication and authorization will be the ``root''
instance of the current user, e.g. ``user/root@REAL.M''. Otherwise, the
principal will simply be the current user's default principal, e.g.
The user is prompted for a password if necessary. Authorization is per-
formed by comparing the Kerberos 5 principal with those listed in the
.k5login file in the target account's home directory (e.g. /root/.k5login
The following options may be passed to the authentication module:
debug syslog(3) debugging information at LOG_DEBUG level.
use_first_pass If the authentication module is not the first in the
stack, and a previous module obtained the user's pass-
word, that password is used to authenticate the user. If
this fails, the authentication module returns failure
without prompting the user for a password. This option
has no effect if the authentication module is the first
in the stack, or if no previous modules obtained the
try_first_pass This option is similar to the use_first_pass option,
except that if the previously obtained password fails,
the user is prompted for another password.
su(1), syslog(3), pam.conf(5), pam(8)
NetBSD 9.3 May 15, 2002 NetBSD 9.3