IBM 10 SP1 EAL4 Server User Manual


 
14. Invokes pam_chauthok() to rejuvenate user’s authentication tokens.
15. Exits.
5.13.1.2 chfn
The chfn program allows users to change their finger information. The finger command displays the
information, stored in the /etc/passwd file. Refer to the chfn man page for detailed information. chfn
generally follows these steps:
1. Sets language.
2. Gets invoking user’s ID.
3. Parses command-line arguments.
4. Performs a check that a non-root user is not trying to change finger information of another user.
5. Invokes pam_start() to initialize the PAM library and to identify the application with a particular
service name.
6. Invokes pam_authenticate() to authenticate the application user. Generates an audit record to
log the authentication attempt and its outcome.
7. Invokes pam_acct_mgmt() to perform module-specific account management.
8. Invokes pam_chauthok() to rejuvenate the user’s authentication tokens.
9. Invokes pam_setcred() to set credentials.
10. Prompts for new finger information if not supplied on the command line.
11. Updates appropriate database files with new finger information.
12. Exits.
5.13.1.3 chsh
The chsh program allows users to change their login shells. If a shell is not given on the command line,
chsh prompts for one. Refer to the chsh man page for detailed information. chsh generally follows these
steps:
1. Sets language.
2. Gets invoking user’s ID.
3. Parses command-line arguments.
4. Performs a check that a non-root user is not trying to change shell of another user.
5. Performs a check to ensure that a non-root user is not trying to set his or her shell to a non standard
shell.
6. Invokes pam_start() to initialize the PAM library and to identify the application with a particular
service name.
7. Invokes pam_authenticate() to authenticate the application user. Generates an audit record to
log the authentication attempt and its outcome.
8. Invokes pam_acct_mgmt() to perform module-specific account management.
9. Invokes pam_chauthok() to rejuvenate the user’s authentication tokens.
10. Checks the shell to make sure that it is accessible.
197