PAM policy | EPM-L
submitconfirmuserpam
Description
The submitconfirmuserpam() function controls whether or not a user must enter a password before the current task request is accepted. Password authentication and account management is performed by PAM and name of the PAM service must be provided. When this function is set, the user submitting the request is prompted for the password that is associated with the submit host user name set in this function.
When used, this policy function overrides the pampasswordservice setting in the submit host’s settings file and works even if the PAM setting is set to no.
The user’s failure to provide the correct password does not automatically result in a rejection of the secured task request. The policy should examine the result of the submitconfirmuserpam() function and respond accordingly.
Syntax
result = submitconfirmuserpam(user, pampasswordservice[, prompt[, attempts[, name, time]]]);Arguments
Return values
| Name | Description |
|---|---|
| true | Password matched. |
| false | Password did not match or invalid password service. |
Example
result = submitconfirmuserpam(user, "pbulpass", "Please enter the user's password:", 3);
if (result != 1) {reject;}In this example,
submitconfirmuserpam(user, "pbulpass", "Passwd for "+user+": ", 3, "$gpvar5", 300);a persistent variable gpvar5 is created at initial successful user authentication and for 5 minutes (300 seconds) thereafter, the user is not prompted for a password.
For more information, see submitconfirmuser and Persistent variables.
Updated 29 days ago
