Blob Blame History Raw
<html>
<head>
<title>
 Security Enhanced Linux Reference Policy
 </title>
<style type="text/css" media="all">@import "style.css";</style>
</head>
<body>
<div id="Header">Security Enhanced Linux Reference Policy</div>
<div id='Menu'>
	
		<a href="admin.html">+&nbsp;
		admin</a></br/>
		<div id='subitem'>
		
		</div>
	
		<a href="apps.html">+&nbsp;
		apps</a></br/>
		<div id='subitem'>
		
		</div>
	
		<a href="kernel.html">+&nbsp;
		kernel</a></br/>
		<div id='subitem'>
		
		</div>
	
		<a href="services.html">+&nbsp;
		services</a></br/>
		<div id='subitem'>
		
		</div>
	
		<a href="system.html">+&nbsp;
		system</a></br/>
		<div id='subitem'>
		
			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_authlogin.html'>
			authlogin</a><br/>
		
			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_clock.html'>
			clock</a><br/>
		
			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_daemontools.html'>
			daemontools</a><br/>
		
			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_fstools.html'>
			fstools</a><br/>
		
			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_getty.html'>
			getty</a><br/>
		
			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_hostname.html'>
			hostname</a><br/>
		
			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_hotplug.html'>
			hotplug</a><br/>
		
			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_init.html'>
			init</a><br/>
		
			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_ipsec.html'>
			ipsec</a><br/>
		
			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_iptables.html'>
			iptables</a><br/>
		
			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_libraries.html'>
			libraries</a><br/>
		
			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_locallogin.html'>
			locallogin</a><br/>
		
			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_logging.html'>
			logging</a><br/>
		
			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_lvm.html'>
			lvm</a><br/>
		
			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_miscfiles.html'>
			miscfiles</a><br/>
		
			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_modutils.html'>
			modutils</a><br/>
		
			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_mount.html'>
			mount</a><br/>
		
			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_pcmcia.html'>
			pcmcia</a><br/>
		
			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_raid.html'>
			raid</a><br/>
		
			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_selinuxutil.html'>
			selinuxutil</a><br/>
		
			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_sysnetwork.html'>
			sysnetwork</a><br/>
		
			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_udev.html'>
			udev</a><br/>
		
			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_unconfined.html'>
			unconfined</a><br/>
		
			&nbsp;&nbsp;&nbsp;-&nbsp;<a href='system_userdomain.html'>
			userdomain</a><br/>
		
		</div>
	
	<br/><p/>
	<a href="global_booleans.html">*&nbsp;Global&nbsp;Booleans&nbsp;</a>
	<br/><p/>
	<a href="global_tunables.html">*&nbsp;Global&nbsp;Tunables&nbsp;</a>
	<p/><br/><p/>
	<a href="index.html">*&nbsp;Layer Index</a>
	<br/><p/>
	<a href="interfaces.html">*&nbsp;Interface&nbsp;Index</a>
	<br/><p/>
	<a href="templates.html">*&nbsp;Template&nbsp;Index</a>
</div>

<div id="Content">
<a name="top":></a>
<h1>Layer: system</h1><p/>
<h2>Module: authlogin</h2><p/>

<a href=#interfaces>Interfaces</a>
<a href=#templates>Templates</a>

<h3>Description:</h3>

<p><p>Common policy for authentication and user login.</p></p>



<a name="interfaces"></a>
<h3>Interfaces: </h3>

<a name="link_auth_append_faillog"></a>
<div id="interface">


<div id="codeblock">

<b>auth_append_faillog</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Append to the login failure log.
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>

<tr><td>
domain
</td><td>
<p>
Domain allowed access.
</p>
</td><td>
No
</td></tr>

</table>
</div>
</div>

<a name="link_auth_append_lastlog"></a>
<div id="interface">


<div id="codeblock">

<b>auth_append_lastlog</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Append only to the last logins log.
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>

<tr><td>
domain
</td><td>
<p>
Domain allowed access.
</p>
</td><td>
No
</td></tr>

</table>
</div>
</div>

<a name="link_auth_append_login_records"></a>
<div id="interface">


<div id="codeblock">

<b>auth_append_login_records</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Append to login records (wtmp).
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>

<tr><td>
domain
</td><td>
<p>
Domain allowed access.
</p>
</td><td>
No
</td></tr>

</table>
</div>
</div>

<a name="link_auth_can_read_shadow_passwords"></a>
<div id="interface">


<div id="codeblock">

<b>auth_can_read_shadow_passwords</b>(
	
		
		
		
		?
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Summary is missing!
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>

<tr><td>
?
</td><td>
<p>
Parameter descriptions are missing!
</p>
</td><td>
No
</td></tr>

</table>
</div>
</div>

<a name="link_auth_delete_pam_console_data"></a>
<div id="interface">


<div id="codeblock">

<b>auth_delete_pam_console_data</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Delete pam_console data.
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>

<tr><td>
domain
</td><td>
<p>
Domain allowed access.
</p>
</td><td>
No
</td></tr>

</table>
</div>
</div>

<a name="link_auth_delete_pam_pid"></a>
<div id="interface">


<div id="codeblock">

<b>auth_delete_pam_pid</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Delete pam PID files.
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>

<tr><td>
domain
</td><td>
<p>
The type of the process performing this action.
</p>
</td><td>
No
</td></tr>

</table>
</div>
</div>

<a name="link_auth_domtrans_chk_passwd"></a>
<div id="interface">


<div id="codeblock">

<b>auth_domtrans_chk_passwd</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Run unix_chkpwd to check a password.
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>

<tr><td>
domain
</td><td>
<p>
The type of the process performing this action.
</p>
</td><td>
No
</td></tr>

</table>
</div>
</div>

<a name="link_auth_domtrans_login_program"></a>
<div id="interface">


<div id="codeblock">

<b>auth_domtrans_login_program</b>(
	
		
		
		
		domain
		
	
		
			,
		
		
		
		target_domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Execute a login_program in the target domain.
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>

<tr><td>
domain
</td><td>
<p>
The type of the process performing this action.
</p>
</td><td>
No
</td></tr>

<tr><td>
target_domain
</td><td>
<p>
The type of the login_program process.
</p>
</td><td>
No
</td></tr>

</table>
</div>
</div>

<a name="link_auth_domtrans_pam"></a>
<div id="interface">


<div id="codeblock">

<b>auth_domtrans_pam</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Execute pam programs in the pam domain.
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>

<tr><td>
domain
</td><td>
<p>
The type of the process performing this action.
</p>
</td><td>
No
</td></tr>

</table>
</div>
</div>

<a name="link_auth_domtrans_pam_console"></a>
<div id="interface">


<div id="codeblock">

<b>auth_domtrans_pam_console</b>(
	
		
		
		
		?
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Summary is missing!
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>

<tr><td>
?
</td><td>
<p>
Parameter descriptions are missing!
</p>
</td><td>
No
</td></tr>

</table>
</div>
</div>

<a name="link_auth_domtrans_utempter"></a>
<div id="interface">


<div id="codeblock">

<b>auth_domtrans_utempter</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Execute utempter programs in the utempter domain.
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>

<tr><td>
domain
</td><td>
<p>
The type of the process performing this action.
</p>
</td><td>
No
</td></tr>

</table>
</div>
</div>

<a name="link_auth_dontaudit_exec_utempter"></a>
<div id="interface">


<div id="codeblock">

<b>auth_dontaudit_exec_utempter</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Do not audit attemps to execute utempter executable.
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>

<tr><td>
domain
</td><td>
<p>
Domain to not audit.
</p>
</td><td>
No
</td></tr>

</table>
</div>
</div>

<a name="link_auth_dontaudit_getattr_shadow"></a>
<div id="interface">


<div id="codeblock">

<b>auth_dontaudit_getattr_shadow</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Do not audit attempts to get the attributes
of the shadow passwords file.
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>

<tr><td>
domain
</td><td>
<p>
Domain to not audit.
</p>
</td><td>
No
</td></tr>

</table>
</div>
</div>

<a name="link_auth_dontaudit_read_pam_pid"></a>
<div id="interface">


<div id="codeblock">

<b>auth_dontaudit_read_pam_pid</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Do not audit attemps to read PAM pid files.
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>

<tr><td>
domain
</td><td>
<p>
Domain to not audit.
</p>
</td><td>
No
</td></tr>

</table>
</div>
</div>

<a name="link_auth_dontaudit_read_shadow"></a>
<div id="interface">


<div id="codeblock">

<b>auth_dontaudit_read_shadow</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Do not audit attempts to read the shadow
password file (/etc/shadow).
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>

<tr><td>
domain
</td><td>
<p>
The type of the domain to not audit.
</p>
</td><td>
No
</td></tr>

</table>
</div>
</div>

<a name="link_auth_dontaudit_write_login_records"></a>
<div id="interface">


<div id="codeblock">

<b>auth_dontaudit_write_login_records</b>(
	
		
		
		
		?
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Summary is missing!
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>

<tr><td>
?
</td><td>
<p>
Parameter descriptions are missing!
</p>
</td><td>
No
</td></tr>

</table>
</div>
</div>

<a name="link_auth_exec_pam"></a>
<div id="interface">


<div id="codeblock">

<b>auth_exec_pam</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Execute the pam program.
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>

<tr><td>
domain
</td><td>
<p>
The type of the process performing this action.
</p>
</td><td>
No
</td></tr>

</table>
</div>
</div>

<a name="link_auth_getattr_shadow"></a>
<div id="interface">


<div id="codeblock">

<b>auth_getattr_shadow</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Get the attributes of the shadow passwords file.
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>

<tr><td>
domain
</td><td>
<p>
The type of the process performing this action.
</p>
</td><td>
No
</td></tr>

</table>
</div>
</div>

<a name="link_auth_list_pam_console_data"></a>
<div id="interface">


<div id="codeblock">

<b>auth_list_pam_console_data</b>(
	
		
		
		
		?
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Summary is missing!
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>

<tr><td>
?
</td><td>
<p>
Parameter descriptions are missing!
</p>
</td><td>
No
</td></tr>

</table>
</div>
</div>

<a name="link_auth_log_filetrans_login_records"></a>
<div id="interface">


<div id="codeblock">

<b>auth_log_filetrans_login_records</b>(
	
		
		
		
		?
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Summary is missing!
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>

<tr><td>
?
</td><td>
<p>
Parameter descriptions are missing!
</p>
</td><td>
No
</td></tr>

</table>
</div>
</div>

<a name="link_auth_login_entry_type"></a>
<div id="interface">


<div id="codeblock">

<b>auth_login_entry_type</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Use the login program as an entry point program.
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>

<tr><td>
domain
</td><td>
<p>
The type of process using the login program as entry point.
</p>
</td><td>
No
</td></tr>

</table>
</div>
</div>

<a name="link_auth_manage_all_files_except_shadow"></a>
<div id="interface">


<div id="codeblock">

<b>auth_manage_all_files_except_shadow</b>(
	
		
		
		
		domain
		
	
		
			,
		
		
		
		exception_types
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Manage all files on the filesystem, except
the shadow passwords and listed exceptions.
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>

<tr><td>
domain
</td><td>
<p>
The type of the domain perfoming this action.
</p>
</td><td>
No
</td></tr>

<tr><td>
exception_types
</td><td>
<p>
The types to be excluded.  Each type or attribute
must be negated by the caller.
</p>
</td><td>
Yes
</td></tr>

</table>
</div>
</div>

<a name="link_auth_manage_login_records"></a>
<div id="interface">


<div id="codeblock">

<b>auth_manage_login_records</b>(
	
		
		
		
		?
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Summary is missing!
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>

<tr><td>
?
</td><td>
<p>
Parameter descriptions are missing!
</p>
</td><td>
No
</td></tr>

</table>
</div>
</div>

<a name="link_auth_manage_pam_console_data"></a>
<div id="interface">


<div id="codeblock">

<b>auth_manage_pam_console_data</b>(
	
		
		
		
		?
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Summary is missing!
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>

<tr><td>
?
</td><td>
<p>
Parameter descriptions are missing!
</p>
</td><td>
No
</td></tr>

</table>
</div>
</div>

<a name="link_auth_manage_pam_pid"></a>
<div id="interface">


<div id="codeblock">

<b>auth_manage_pam_pid</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Manage pam PID files.
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>

<tr><td>
domain
</td><td>
<p>
The type of the process performing this action.
</p>
</td><td>
No
</td></tr>

</table>
</div>
</div>

<a name="link_auth_manage_shadow"></a>
<div id="interface">


<div id="codeblock">

<b>auth_manage_shadow</b>(
	
		
		
		
		?
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Summary is missing!
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>

<tr><td>
?
</td><td>
<p>
Parameter descriptions are missing!
</p>
</td><td>
No
</td></tr>

</table>
</div>
</div>

<a name="link_auth_manage_var_auth"></a>
<div id="interface">


<div id="codeblock">

<b>auth_manage_var_auth</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Manage var auth files. Used by various other applications
and pam applets etc.
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>

<tr><td>
domain
</td><td>
<p>
The type of the process performing this action.
</p>
</td><td>
No
</td></tr>

</table>
</div>
</div>

<a name="link_auth_read_all_dirs_except_shadow"></a>
<div id="interface">


<div id="codeblock">

<b>auth_read_all_dirs_except_shadow</b>(
	
		
		
		
		domain
		
	
		
			,
		
		
		
		exception_types
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Read all directories on the filesystem, except
the shadow passwords and listed exceptions.
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>

<tr><td>
domain
</td><td>
<p>
The type of the domain perfoming this action.
</p>
</td><td>
No
</td></tr>

<tr><td>
exception_types
</td><td>
<p>
The types to be excluded.  Each type or attribute
must be negated by the caller.
</p>
</td><td>
Yes
</td></tr>

</table>
</div>
</div>

<a name="link_auth_read_all_files_except_shadow"></a>
<div id="interface">


<div id="codeblock">

<b>auth_read_all_files_except_shadow</b>(
	
		
		
		
		domain
		
	
		
			,
		
		
		
		exception_types
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Read all files on the filesystem, except
the shadow passwords and listed exceptions.
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>

<tr><td>
domain
</td><td>
<p>
The type of the domain perfoming this action.
</p>
</td><td>
No
</td></tr>

<tr><td>
exception_types
</td><td>
<p>
The types to be excluded.  Each type or attribute
must be negated by the caller.
</p>
</td><td>
Yes
</td></tr>

</table>
</div>
</div>

<a name="link_auth_read_all_symlinks_except_shadow"></a>
<div id="interface">


<div id="codeblock">

<b>auth_read_all_symlinks_except_shadow</b>(
	
		
		
		
		domain
		
	
		
			,
		
		
		
		exception_types
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Read all symbolic links on the filesystem, except
the shadow passwords and listed exceptions.
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>

<tr><td>
domain
</td><td>
<p>
The type of the domain perfoming this action.
</p>
</td><td>
No
</td></tr>

<tr><td>
exception_types
</td><td>
<p>
The types to be excluded.  Each type or attribute
must be negated by the caller.
</p>
</td><td>
Yes
</td></tr>

</table>
</div>
</div>

<a name="link_auth_read_lastlog"></a>
<div id="interface">


<div id="codeblock">

<b>auth_read_lastlog</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Read the last logins log.
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>

<tr><td>
domain
</td><td>
<p>
Domain allowed access.
</p>
</td><td>
No
</td></tr>

</table>
</div>
</div>

<a name="link_auth_read_login_records"></a>
<div id="interface">


<div id="codeblock">

<b>auth_read_login_records</b>(
	
		
		
		
		?
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Summary is missing!
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>

<tr><td>
?
</td><td>
<p>
Parameter descriptions are missing!
</p>
</td><td>
No
</td></tr>

</table>
</div>
</div>

<a name="link_auth_read_pam_console_data"></a>
<div id="interface">


<div id="codeblock">

<b>auth_read_pam_console_data</b>(
	
		
		
		
		?
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Summary is missing!
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>

<tr><td>
?
</td><td>
<p>
Parameter descriptions are missing!
</p>
</td><td>
No
</td></tr>

</table>
</div>
</div>

<a name="link_auth_read_pam_pid"></a>
<div id="interface">


<div id="codeblock">

<b>auth_read_pam_pid</b>(
	
		
		
		
		?
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Summary is missing!
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>

<tr><td>
?
</td><td>
<p>
Parameter descriptions are missing!
</p>
</td><td>
No
</td></tr>

</table>
</div>
</div>

<a name="link_auth_read_shadow"></a>
<div id="interface">


<div id="codeblock">

<b>auth_read_shadow</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Read the shadow passwords file (/etc/shadow)
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>

<tr><td>
domain
</td><td>
<p>
The type of the process performing this action.
</p>
</td><td>
No
</td></tr>

</table>
</div>
</div>

<a name="link_auth_relabel_all_files_except_shadow"></a>
<div id="interface">


<div id="codeblock">

<b>auth_relabel_all_files_except_shadow</b>(
	
		
		
		
		domain
		
	
		
			,
		
		
		
		exception_types
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Relabel all files on the filesystem, except
the shadow passwords and listed exceptions.
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>

<tr><td>
domain
</td><td>
<p>
The type of the domain perfoming this action.
</p>
</td><td>
No
</td></tr>

<tr><td>
exception_types
</td><td>
<p>
The types to be excluded.  Each type or attribute
must be negated by the caller.
</p>
</td><td>
Yes
</td></tr>

</table>
</div>
</div>

<a name="link_auth_relabel_shadow"></a>
<div id="interface">


<div id="codeblock">

<b>auth_relabel_shadow</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Relabel from and to the shadow
password file type.
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>

<tr><td>
domain
</td><td>
<p>
Domain allowed access.
</p>
</td><td>
No
</td></tr>

</table>
</div>
</div>

<a name="link_auth_relabelto_shadow"></a>
<div id="interface">


<div id="codeblock">

<b>auth_relabelto_shadow</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Relabel to the shadow
password file type.
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>

<tr><td>
domain
</td><td>
<p>
Domain allowed access.
</p>
</td><td>
No
</td></tr>

</table>
</div>
</div>

<a name="link_auth_run_pam"></a>
<div id="interface">


<div id="codeblock">

<b>auth_run_pam</b>(
	
		
		
		
		domain
		
	
		
			,
		
		
		
		role
		
	
		
			,
		
		
		
		terminal
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Execute pam programs in the PAM domain.
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>

<tr><td>
domain
</td><td>
<p>
The type of the process performing this action.
</p>
</td><td>
No
</td></tr>

<tr><td>
role
</td><td>
<p>
The role to allow the PAM domain.
</p>
</td><td>
No
</td></tr>

<tr><td>
terminal
</td><td>
<p>
The type of the terminal allow the PAM domain to use.
</p>
</td><td>
No
</td></tr>

</table>
</div>
</div>

<a name="link_auth_run_utempter"></a>
<div id="interface">


<div id="codeblock">

<b>auth_run_utempter</b>(
	
		
		
		
		domain
		
	
		
			,
		
		
		
		role
		
	
		
			,
		
		
		
		terminal
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Execute utempter programs in the utempter domain.
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>

<tr><td>
domain
</td><td>
<p>
The type of the process performing this action.
</p>
</td><td>
No
</td></tr>

<tr><td>
role
</td><td>
<p>
The role to allow the utempter domain.
</p>
</td><td>
No
</td></tr>

<tr><td>
terminal
</td><td>
<p>
The type of the terminal allow the utempter domain to use.
</p>
</td><td>
No
</td></tr>

</table>
</div>
</div>

<a name="link_auth_rw_faillog"></a>
<div id="interface">


<div id="codeblock">

<b>auth_rw_faillog</b>(
	
		
		
		
		?
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Summary is missing!
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>

<tr><td>
?
</td><td>
<p>
Parameter descriptions are missing!
</p>
</td><td>
No
</td></tr>

</table>
</div>
</div>

<a name="link_auth_rw_lastlog"></a>
<div id="interface">


<div id="codeblock">

<b>auth_rw_lastlog</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Read and write to the last logins log.
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>

<tr><td>
domain
</td><td>
<p>
Domain allowed access.
</p>
</td><td>
No
</td></tr>

</table>
</div>
</div>

<a name="link_auth_rw_login_records"></a>
<div id="interface">


<div id="codeblock">

<b>auth_rw_login_records</b>(
	
		
		
		
		?
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Summary is missing!
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>

<tr><td>
?
</td><td>
<p>
Parameter descriptions are missing!
</p>
</td><td>
No
</td></tr>

</table>
</div>
</div>

<a name="link_auth_rw_shadow"></a>
<div id="interface">


<div id="codeblock">

<b>auth_rw_shadow</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Read and write the shadow password file (/etc/shadow).
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>

<tr><td>
domain
</td><td>
<p>
The type of the process performing this action.
</p>
</td><td>
No
</td></tr>

</table>
</div>
</div>

<a name="link_auth_search_pam_console_data"></a>
<div id="interface">


<div id="codeblock">

<b>auth_search_pam_console_data</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Search the contents of the
pam_console data directory.
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>

<tr><td>
domain
</td><td>
<p>
The type of the process performing this action.
</p>
</td><td>
No
</td></tr>

</table>
</div>
</div>

<a name="link_auth_setattr_login_records"></a>
<div id="interface">


<div id="codeblock">

<b>auth_setattr_login_records</b>(
	
		
		
		
		?
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Summary is missing!
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>

<tr><td>
?
</td><td>
<p>
Parameter descriptions are missing!
</p>
</td><td>
No
</td></tr>

</table>
</div>
</div>

<a name="link_auth_tunable_read_shadow"></a>
<div id="interface">


<div id="codeblock">

<b>auth_tunable_read_shadow</b>(
	
		
		
		
		?
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Summary is missing!
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>

<tr><td>
?
</td><td>
<p>
Parameter descriptions are missing!
</p>
</td><td>
No
</td></tr>

</table>
</div>
</div>

<a name="link_auth_unconfined"></a>
<div id="interface">


<div id="codeblock">

<b>auth_unconfined</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Unconfined access to the authlogin module.
</p>


<h5>Description</h5>
<p>
</p><p>
Unconfined access to the authlogin module.
</p><p>
</p><p>
Currently, this only allows assertions for
the shadow passwords file (/etc/shadow) to
be passed.  No access is granted yet.
</p><p>
</p>

<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>

<tr><td>
domain
</td><td>
<p>
Domain allowed access.
</p>
</td><td>
No
</td></tr>

</table>
</div>
</div>

<a name="link_auth_use_nsswitch"></a>
<div id="interface">


<div id="codeblock">

<b>auth_use_nsswitch</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Use nsswitch to look up uid-username mappings.
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>

<tr><td>
domain
</td><td>
<p>
Domain allowed access.
</p>
</td><td>
No
</td></tr>

</table>
</div>
</div>

<a name="link_auth_write_login_records"></a>
<div id="interface">


<div id="codeblock">

<b>auth_write_login_records</b>(
	
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Write to login records (wtmp).
</p>


<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>

<tr><td>
domain
</td><td>
<p>
Domain allowed access.
</p>
</td><td>
No
</td></tr>

</table>
</div>
</div>


<a href=#top>Return</a>


<a name="templates"></a>
<h3>Templates: </h3>

<a name="link_auth_domtrans_user_chk_passwd"></a>
<div id="template">


<div id="codeblock">

<b>auth_domtrans_user_chk_passwd</b>(
	
		
		
		
		userdomain_prefix
		
	
		
			,
		
		
		
		domain
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Run unix_chkpwd to check a password
for a user domain.
</p>


<h5>Description</h5>
<p>
</p><p>
Run unix_chkpwd to check a password
for a user domain.
</p><p>
</p><p>
This is a templated interface, and should only
be called from a per-userdomain template.
</p><p>
</p>

<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>

<tr><td>
userdomain_prefix
</td><td>
<p>
The prefix of the user domain (e.g., user
is the prefix for user_t).
</p>
</td><td>
No
</td></tr>

<tr><td>
domain
</td><td>
<p>
The type of the process performing this action.
</p>
</td><td>
No
</td></tr>

</table>
</div>
</div>

<a name="link_authlogin_common_auth_domain_template"></a>
<div id="template">


<div id="codeblock">

<b>authlogin_common_auth_domain_template</b>(
	
		
		
		
		userdomain_prefix
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
Common template to create a domain for authentication.
</p>


<h5>Description</h5>
<p>
</p><p>
This template creates a derived domain which is allowed
to authenticate users by using PAM unix_chkpwd support.
</p><p>
</p>

<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>

<tr><td>
userdomain_prefix
</td><td>
<p>
The prefix of the user domain (e.g., user
is the prefix for user_t).
</p>
</td><td>
No
</td></tr>

</table>
</div>
</div>

<a name="link_authlogin_per_userdomain_template"></a>
<div id="template">


<div id="codeblock">

<b>authlogin_per_userdomain_template</b>(
	
		
		
		
		userdomain_prefix
		
	
		
			,
		
		
		
		user_domain
		
	
		
			,
		
		
		
		user_role
		
	
	)<br>
</div>
<div id="description">

<h5>Summary</h5>
<p>
The per user domain template for the authlogin module.
</p>


<h5>Description</h5>
<p>
</p><p>
This template creates a derived domain which is allowed
to authenticate users by using PAM unix_chkpwd support.
This domain will be used by any programs running in the
user domain which use PAM to authenticate.
</p><p>
</p><p>
This template is invoked automatically for each user, and
generally does not need to be invoked directly
by policy writers.
</p><p>
</p>

<h5>Parameters</h5>
<table border="1" cellspacing="0" cellpadding="3" width="80%">
<tr><th >Parameter:</td><th >Description:</td><th >Optional:</td></tr>

<tr><td>
userdomain_prefix
</td><td>
<p>
The prefix of the user domain (e.g., user
is the prefix for user_t).
</p>
</td><td>
No
</td></tr>

<tr><td>
user_domain
</td><td>
<p>
The type of the user domain.
</p>
</td><td>
No
</td></tr>

<tr><td>
user_role
</td><td>
<p>
The role associated with the user domain.
</p>
</td><td>
No
</td></tr>

</table>
</div>
</div>


<a href=#top>Return</a>



</div>
</body>
</html>