Load Module Interfaces
Each loadable module defines a number of interface subroutines. Which interface subroutines must be present is determined by how the system uses the loadable module.
A loadable module may be used to provide identification (account name and attribute information), authentication (password storage and verification) or both. All modules may have additional support interfaces for initializing and configuring the loadable module, creating new user and group accounts, and serializing access to information. The following table lists each interface, its type and whether it is required. An interface may not be required if the loadable module is not used for the purpose that interface serves. For example, a loadable module which only performs authentication functions is not required to have interfaces which are only used for identification operations.
Method Interface Types

| Name | Type | Required |
|---|---|---|
| method_attrlist | Support | No |
| method_authenticate | Authentication | No [3] |
| method_chpass | Authentication | Yes |
| method_close | Support | No |
| method_commit | Support | No |
| method_delentry | Support | No |
| method_delgroup | Support | No |
| method_deluser | Support | No |
| method_getentry | Identification [1] | No |
| method_getgracct | Identification | No |
| method_getgrgid | Identification | Yes |
| method_getgrnam | Identification | Yes |
| method_getgrset | Identification | Yes |
| method_getgrusers | Identification | No |
| method_getpasswd | Authentication | No |
| method_getpwnam | Identification | Yes |
| method_getpwuid | Identification | Yes |
| method_lock | Support | No |
| method_newentry | Support | No |
| method_newgroup | Support | No |
| method_newuser | Support | No |
| method_nextentry | Support | No |
| method_normalize | Authentication | No |
| method_open | Support | No |
| method_passwdexpired | Authentication [2] | No |
| method_passwdrestrictions | Authentication [2] | No |
| method_putentry | Identification [1] | No |
| method_putgrent | Identification | No |
| method_putgrusers | Identification | No |
| method_putpwent | Identification | No |
| method_unlock | Support | No |

1. Any module which provides a method_attrlist() interface must also provide this interface.
2. Attributes which are related to password expiration or restrictions should be reported by the method_attrlist() interface.
3. If this interface is not provided, the method_getpasswd() interface must be provided.

Several of the functions make use of a table parameter to select between user, group and system identification information. The table parameter has one of the following values:
Identification Table Names

| Value | Description |
|---|---|
| "user" | The table containing user account information, such as user ID, full name, home directory and login shell. |
| "group" | The table containing group account information, such as group ID and group membership list. |
| "system" | The table containing system information, such as user or group account default values. |
| "roles" | The table containing role information such as authorizations, rolelists, and authorization modes. |
| "authorizations" | The table containing authorization information such as explicit role authorizations, authorization children, and authorization description. |
| "privcmds" | The table containing the privileged command information such as command name, security flag, auth privileges, innate privileges, and inherited privileges. |
| "privdevs" | The table containing the privileged devices information such as device name, read privileges, and write privileges. |
| "sysck" | The table containing the sysck information such as class, file type, owner, group, ACLs, and checksum. |
When a table parameter is used by an authentication interface, "user" is the only valid value.
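
The requirements in the two tables above can be checked mechanically before a module is put into service. The following C code is an added example, not code from the system headers: it assumes a module is represented as a NULL-terminated list of the interface names it defines, and `first_missing()`, `table_valid()`, `USE_IDENT` and `USE_AUTH` are hypothetical names.

```c
#include <stddef.h>
#include <string.h>

enum { USE_IDENT = 1, USE_AUTH = 2 };   /* how the system uses the module */

/* Rows marked "Yes" in the Method Interface Types table, by type. */
static const char *const REQ_IDENT[] = { "method_getgrgid", "method_getgrnam",
    "method_getgrset", "method_getpwnam", "method_getpwuid", NULL };
static const char *const REQ_AUTH[] = { "method_chpass", NULL };
static const char *const TABLES[] = { "user", "group", "system", "roles",
    "authorizations", "privcmds", "privdevs", "sysck", NULL };

/* Returns 1 if name appears in the NULL-terminated list, else 0. */
static int has(const char *const *list, const char *name)
{
    for (; *list != NULL; list++)
        if (strcmp(*list, name) == 0)
            return 1;
    return 0;
}

/* exported: NULL-terminated names of the interfaces a module defines
 * (assumed representation). Returns the first interface that is missing
 * for the given use, or NULL if the set is complete. */
const char *first_missing(const char *const *exported, int use)
{
    const char *const *r;

    if (use & USE_IDENT)
        for (r = REQ_IDENT; *r != NULL; r++)
            if (!has(exported, *r)) return *r;
    if (use & USE_AUTH) {
        for (r = REQ_AUTH; *r != NULL; r++)
            if (!has(exported, *r)) return *r;
        /* Note 3: without method_authenticate, method_getpasswd is needed. */
        if (!has(exported, "method_authenticate") &&
            !has(exported, "method_getpasswd"))
            return "method_getpasswd";
    }
    /* Note 1: method_attrlist implies method_getentry and method_putentry. */
    if (has(exported, "method_attrlist")) {
        if (!has(exported, "method_getentry")) return "method_getentry";
        if (!has(exported, "method_putentry")) return "method_putentry";
    }
    return NULL;
}

/* Authentication interfaces accept only "user" as the table parameter. */
int table_valid(const char *table, int auth_interface)
{
    return auth_interface ? strcmp(table, "user") == 0 : has(TABLES, table);
}
```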