diff options
Diffstat (limited to 'modules/pam_userdb/README')
-rw-r--r-- | modules/pam_userdb/README | 75 |
1 files changed, 75 insertions, 0 deletions
diff --git a/modules/pam_userdb/README b/modules/pam_userdb/README new file mode 100644 index 0000000..1765591 --- /dev/null +++ b/modules/pam_userdb/README @@ -0,0 +1,75 @@ +pam_userdb — PAM module to authenticate against a db database + +━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ + +DESCRIPTION + +The pam_userdb module is used to verify a username/password pair against values +stored in a Berkeley DB database. The database is indexed by the username, and +the data fields corresponding to the username keys are the passwords. + +OPTIONS + +crypt=[crypt|none] + + Indicates whether encrypted or plaintext passwords are stored in the + database. If it is crypt, passwords should be stored in the database in + crypt(3) form. If none is selected, passwords should be stored in the + database as plaintext. + +db=/path/database + + Use the /path/database database for performing lookup. There is no default; + the module will return PAM_IGNORE if no database is provided. Note that the + path to the database file should be specified without the .db suffix. + +debug + + Print debug information. + +dump + + Dump all the entries in the database to the log. Don't do this by default! + +icase + + Make the password verification to be case insensitive (ie when working with + registration numbers and such). Only works with plaintext password storage. + +try_first_pass + + Use the authentication token previously obtained by another module that did + the conversation with the application. If this token can not be obtained + then the module will try to converse. This option can be used for stacking + different modules that need to deal with the authentication tokens. + +use_first_pass + + Use the authentication token previously obtained by another module that did + the conversation with the application. If this token can not be obtained + then the module will fail. This option can be used for stacking different + modules that need to deal with the authentication tokens. + +unknown_ok + + Do not return error when checking for a user that is not in the database. + This can be used to stack more than one pam_userdb module that will check a + username/password pair in more than a database. + +key_only + + The username and password are concatenated together in the database hash as + 'username-password' with a random value. if the concatenation of the + username and password with a dash in the middle returns any result, the + user is valid. this is useful in cases where the username may not be unique + but the username and password pair are. + +EXAMPLES + +auth sufficient pam_userdb.so icase db=/etc/dbtest + + +AUTHOR + +pam_userdb was written by Cristian Gafton >gafton@redhat.com<. + |