2N/A * The contents of this file are subject to the terms of the 2N/A * Common Development and Distribution License (the "License"). 2N/A * You may not use this file except in compliance with the License. 2N/A * See the License for the specific language governing permissions 2N/A * and limitations under the License. 2N/A * When distributing Covered Code, include this CDDL HEADER in each 2N/A * If applicable, add the following below this CDDL HEADER, with the 2N/A * fields enclosed by brackets "[]" replaced with your own identifying 2N/A * information: Portions Copyright [yyyy] [name of copyright owner] 2N/A * Copyright (c) 1999, 2010, Oracle and/or its affiliates. All rights reserved. 2N/A * pam_sm_acct_mgmt(): 2N/A * Account management module 2N/A * This module disallows roles for primary logins and adds special 2N/A * checks to allow roles for secondary logins. 2N/A "pam_roles:pam_sm_acct_mgmt: illegal module " 2N/A "service = %s, allow_remote = %d, user = %s auser = %s " 2N/A /* stop masquerades by mapping username to uid to username */ 2N/A * If there's no user_attr entry for the primary user or it's not a 2N/A * role, no further checks are needed. 2N/A /* username is a role */ 2N/A "pam_roles:pam_sm_acct_mgmt: user name %s " 2N/A "maps to user id %d which is user name %s",
2N/A /* Who's the user requesting the role? */ 2N/A /* authenticated requesting user */ 2N/A /* user is implied by real UID */ 2N/A * Root user_attr entry cannot have roles. 2N/A * Force error and deny access. 2N/A /* don't allow remote roles for this service */ 2N/A * If the original user does not have a user_attr entry or isn't 2N/A * assigned the role being assumed, fail. 2N/A "Roles can only be assumed by authorized users"),
2N/A "Roles can not login directly"),