pam_keystroke.5 (2012 03)

pam_keystroke(5) pam_keystroke(5)
NAME
pam_keystroke - keystroke logging session service module for HP-UX
SYNOPSIS
/usr/lib/security/$ISA/libpam_keystroke.so.1
DESCRIPTION
The keystroke service module implements session management extensions specific to the HP-UX
RBAC keystroke logging feature described in keystroke (5).
The following remote services are supported by pam_keystroke(5): telnet, rlogin, ssh and ftp.
System administrators may decide that pam_keystroke is not needed for some services, and
should modify the /etc/pam.conf file accordingly (see pam.conf (4)).
When the pam_keystroke module is present, placement on the stack is discretionary. This module is
specific to HP-UX 11i v3 and the functionality might vary between releases.
For an interpretation of the module path, see the related information in pam.conf (4).
Options
The following option can be passed to the keystroke service module for the session component:
debug   When specified, generates syslog(3C) debugging information at LOG_DEBUG and
        LOG_WARNING levels, as well as detailed debugging information in a file with a pathname
        specified by the KEY_STROKE_DEBUG_FILE parameter in /etc/rbac/rbac.conf.
Session Management Component
This component implements the keystroke logging feature documented in keystroke (5). Other than the
option listed in the Options section above, no additional options are valid.
EXAMPLES
The following is an example of stacking using the pam_keystroke module:
login session required libpam_hpsec.so.1
login session required libpam_unix.so.1
login session required libpam_keystroke.so.1
sshd session required libpam_hpsec.so.1
sshd session required libpam_unix.so.1
sshd session optional libpam_keystroke.so.1 debug
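The stacking above can be checked mechanically. The following is an added example, not HP code: a POSIX shell/awk audit that reports, for each service with session entries, whether libpam_keystroke.so.1 is stacked, with which control flag, and whether debug is set. The function names audit_keystroke and sample_pam_conf are hypothetical, the ftp line in the sample is constructed, and the field order (service, module_type, control_flag, module_path, options) is assumed from the lines shown above.

```shell
#!/bin/sh
# Added example, not HP code. Audits a pam.conf-style file and prints, for
# every service that has session entries:
#   <service> <control_flag|MISSING> <debug|nodebug|->
# Field order assumed: service module_type control_flag module_path [options]

audit_keystroke() {
    awk '
        $1 ~ /^#/ || NF < 4 { next }        # comments, blank or short lines
        $2 != "session"     { next }        # only the session component
        {
            svc = $1
            if (!(svc in seen)) { seen[svc] = 1; order[++count] = svc }
            k = split($4, part, "/")        # accept bare or full module paths
            if (part[k] == "libpam_keystroke.so.1") {
                flag[svc] = $3
                dbg[svc] = "nodebug"
                for (i = 5; i <= NF; i++)
                    if ($i == "debug") dbg[svc] = "debug"
            }
        }
        END {
            for (i = 1; i <= count; i++) {
                s = order[i]
                if (s in flag) print s, flag[s], dbg[s]
                else print s, "MISSING", "-"
            }
        }
    ' "$1"
}

# Constructed sample: the stacks from EXAMPLES plus one made-up ftp entry
# that has no keystroke module, to show the MISSING case.
sample_pam_conf() {
    cat <<'EOF'
# service  module_type  control_flag  module_path  options
login session required libpam_hpsec.so.1
login session required libpam_unix.so.1
login session required libpam_keystroke.so.1
sshd session required libpam_hpsec.so.1
sshd session required libpam_unix.so.1
sshd session optional libpam_keystroke.so.1 debug
ftp session required libpam_unix.so.1
EOF
}

tmp=${TMPDIR:-/tmp}/pam_keystroke_audit.$$
sample_pam_conf > "$tmp"
audit_keystroke "$tmp"
rm -f "$tmp"
```

A debug result marks a service exposed to the debug file growth described in WARNINGS; MISSING marks a service whose session stack does not load the module.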
LIMITATIONS
See LIMITATIONS described in keystroke (5).
APPLICATION USAGE
The pam_sm_*() interfaces implemented in the keystroke service module, libpam_keystroke, are not
thread-safe. In a multithreaded application, these routines are safe to call only from one dedicated
thread.
WARNINGS
The size of the debug file with the pathname specified by the KEY_STROKE_DEBUG_FILE parameter in
/etc/rbac/rbac.conf can become very large. Only set the debug option for troubleshooting purposes.
Also see WARNINGS described in keystroke (5).
FILES
/var/adm/rbac/keystroke.debug
        The default pathname of the file that contains a debug message trace if the debug
        option is specified for this PAM service module. For information on how to override
        the default pathname, see rbac.conf (4).
AUTHOR
pam_keystroke was developed by HP.
HP-UX 11i Version 3: March 2012, Hewlett-Packard Company
