diff options
Diffstat (limited to '')
-rw-r--r-- | modules/pam_userdb/pam_userdb.8 | 158 | ||||
-rw-r--r-- | modules/pam_userdb/pam_userdb.8.xml | 293 |
2 files changed, 451 insertions, 0 deletions
diff --git a/modules/pam_userdb/pam_userdb.8 b/modules/pam_userdb/pam_userdb.8 new file mode 100644 index 0000000..7f8fd35 --- /dev/null +++ b/modules/pam_userdb/pam_userdb.8 @@ -0,0 +1,158 @@ +'\" t +.\" Title: pam_userdb +.\" Author: [see the "AUTHOR" section] +.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/> +.\" Date: 05/18/2017 +.\" Manual: Linux-PAM Manual +.\" Source: Linux-PAM Manual +.\" Language: English +.\" +.TH "PAM_USERDB" "8" "05/18/2017" "Linux-PAM Manual" "Linux\-PAM Manual" +.\" ----------------------------------------------------------------- +.\" * Define some portability stuff +.\" ----------------------------------------------------------------- +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.\" http://bugs.debian.org/507673 +.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html +.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.ie \n(.g .ds Aq \(aq +.el .ds Aq ' +.\" ----------------------------------------------------------------- +.\" * set default formatting +.\" ----------------------------------------------------------------- +.\" disable hyphenation +.nh +.\" disable justification (adjust text to left margin only) +.ad l +.\" ----------------------------------------------------------------- +.\" * MAIN CONTENT STARTS HERE * +.\" ----------------------------------------------------------------- +.SH "NAME" +pam_userdb \- PAM module to authenticate against a db database +.SH "SYNOPSIS" +.HP \w'\fBpam_userdb\&.so\fR\ 'u +\fBpam_userdb\&.so\fR db=\fI/path/database\fR [debug] [crypt=[crypt|none]] [icase] [dump] [try_first_pass] [use_first_pass] [unknown_ok] [key_only] +.SH "DESCRIPTION" +.PP +The pam_userdb module is used to verify a username/password pair against values stored in a Berkeley DB database\&. The database is indexed by the username, and the data fields corresponding to the username keys are the passwords\&. +.SH "OPTIONS" +.PP +\fBcrypt=[crypt|none]\fR +.RS 4 +Indicates whether encrypted or plaintext passwords are stored in the database\&. If it is +\fBcrypt\fR, passwords should be stored in the database in +\fBcrypt\fR(3) +form\&. If +\fBnone\fR +is selected, passwords should be stored in the database as plaintext\&. +.RE +.PP +\fBdb=\fR\fB\fI/path/database\fR\fR +.RS 4 +Use the +/path/database +database for performing lookup\&. There is no default; the module will return +\fBPAM_IGNORE\fR +if no database is provided\&. Note that the path to the database file should be specified without the +\&.db +suffix\&. +.RE +.PP +\fBdebug\fR +.RS 4 +Print debug information\&. +.RE +.PP +\fBdump\fR +.RS 4 +Dump all the entries in the database to the log\&. Don\*(Aqt do this by default! +.RE +.PP +\fBicase\fR +.RS 4 +Make the password verification to be case insensitive (ie when working with registration numbers and such)\&. Only works with plaintext password storage\&. +.RE +.PP +\fBtry_first_pass\fR +.RS 4 +Use the authentication token previously obtained by another module that did the conversation with the application\&. If this token can not be obtained then the module will try to converse\&. This option can be used for stacking different modules that need to deal with the authentication tokens\&. +.RE +.PP +\fBuse_first_pass\fR +.RS 4 +Use the authentication token previously obtained by another module that did the conversation with the application\&. If this token can not be obtained then the module will fail\&. This option can be used for stacking different modules that need to deal with the authentication tokens\&. +.RE +.PP +\fBunknown_ok\fR +.RS 4 +Do not return error when checking for a user that is not in the database\&. This can be used to stack more than one pam_userdb module that will check a username/password pair in more than a database\&. +.RE +.PP +\fBkey_only\fR +.RS 4 +The username and password are concatenated together in the database hash as \*(Aqusername\-password\*(Aq with a random value\&. if the concatenation of the username and password with a dash in the middle returns any result, the user is valid\&. this is useful in cases where the username may not be unique but the username and password pair are\&. +.RE +.SH "MODULE TYPES PROVIDED" +.PP +The +\fBauth\fR +and +\fBaccount\fR +module types are provided\&. +.SH "RETURN VALUES" +.PP +PAM_AUTH_ERR +.RS 4 +Authentication failure\&. +.RE +.PP +PAM_AUTHTOK_RECOVERY_ERR +.RS 4 +Authentication information cannot be recovered\&. +.RE +.PP +PAM_BUF_ERR +.RS 4 +Memory buffer error\&. +.RE +.PP +PAM_CONV_ERR +.RS 4 +Conversation failure\&. +.RE +.PP +PAM_SERVICE_ERR +.RS 4 +Error in service module\&. +.RE +.PP +PAM_SUCCESS +.RS 4 +Success\&. +.RE +.PP +PAM_USER_UNKNOWN +.RS 4 +User not known to the underlying authentication module\&. +.RE +.SH "EXAMPLES" +.sp +.if n \{\ +.RS 4 +.\} +.nf +auth sufficient pam_userdb\&.so icase db=/etc/dbtest + +.fi +.if n \{\ +.RE +.\} +.SH "SEE ALSO" +.PP +\fBcrypt\fR(3), +\fBpam.conf\fR(5), +\fBpam.d\fR(5), +\fBpam\fR(8) +.SH "AUTHOR" +.PP +pam_userdb was written by Cristian Gafton >gafton@redhat\&.com<\&. diff --git a/modules/pam_userdb/pam_userdb.8.xml b/modules/pam_userdb/pam_userdb.8.xml new file mode 100644 index 0000000..fa628ad --- /dev/null +++ b/modules/pam_userdb/pam_userdb.8.xml @@ -0,0 +1,293 @@ +<?xml version="1.0" encoding='UTF-8'?> +<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN" + "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd"> + +<refentry id="pam_userdb"> + + <refmeta> + <refentrytitle>pam_userdb</refentrytitle> + <manvolnum>8</manvolnum> + <refmiscinfo class="sectdesc">Linux-PAM Manual</refmiscinfo> + </refmeta> + + <refnamediv id="pam_userdb-name"> + <refname>pam_userdb</refname> + <refpurpose>PAM module to authenticate against a db database</refpurpose> + </refnamediv> + + <refsynopsisdiv> + <cmdsynopsis id="pam_userdb-cmdsynopsis"> + <command>pam_userdb.so</command> + <arg choice="plain"> + db=<replaceable>/path/database</replaceable> + </arg> + <arg choice="opt"> + debug + </arg> + <arg choice="opt"> + crypt=[crypt|none] + </arg> + <arg choice="opt"> + icase + </arg> + <arg choice="opt"> + dump + </arg> + <arg choice="opt"> + try_first_pass + </arg> + <arg choice="opt"> + use_first_pass + </arg> + <arg choice="opt"> + unknown_ok + </arg> + <arg choice="opt"> + key_only + </arg> + </cmdsynopsis> + </refsynopsisdiv> + + <refsect1 id="pam_userdb-description"> + + <title>DESCRIPTION</title> + + <para> + The pam_userdb module is used to verify a username/password pair + against values stored in a Berkeley DB database. The database is + indexed by the username, and the data fields corresponding to the + username keys are the passwords. + </para> + </refsect1> + + <refsect1 id="pam_userdb-options"> + + <title>OPTIONS</title> + <variablelist> + <varlistentry> + <term> + <option>crypt=[crypt|none]</option> + </term> + <listitem> + <para> + Indicates whether encrypted or plaintext passwords are stored + in the database. If it is <option>crypt</option>, passwords + should be stored in the database in + <citerefentry> + <refentrytitle>crypt</refentrytitle><manvolnum>3</manvolnum> + </citerefentry> form. If <option>none</option> is selected, + passwords should be stored in the database as plaintext. + </para> + </listitem> + </varlistentry> + <varlistentry> + <term> + <option>db=<replaceable>/path/database</replaceable></option> + </term> + <listitem> + <para> + Use the <filename>/path/database</filename> database for + performing lookup. There is no default; the module will + return <emphasis remap='B'>PAM_IGNORE</emphasis> if no + database is provided. Note that the path to the database file + should be specified without the <filename>.db</filename> suffix. + </para> + </listitem> + </varlistentry> + <varlistentry> + <term> + <option>debug</option> + </term> + <listitem> + <para> + Print debug information. + </para> + </listitem> + </varlistentry> + <varlistentry> + <term> + <option>dump</option> + </term> + <listitem> + <para> + Dump all the entries in the database to the log. + Don't do this by default! + </para> + </listitem> + </varlistentry> + <varlistentry> + <term> + <option>icase</option> + </term> + <listitem> + <para> + Make the password verification to be case insensitive + (ie when working with registration numbers and such). + Only works with plaintext password storage. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <option>try_first_pass</option> + </term> + <listitem> + <para> + Use the authentication token previously obtained by + another module that did the conversation with the + application. If this token can not be obtained then + the module will try to converse. This option can + be used for stacking different modules that need to + deal with the authentication tokens. + </para> + </listitem> + </varlistentry> + <varlistentry> + <term> + <option>use_first_pass</option> + </term> + <listitem> + <para> + Use the authentication token previously obtained by + another module that did the conversation with the + application. If this token can not be obtained then + the module will fail. This option can be used for + stacking different modules that need to deal with + the authentication tokens. + </para> + </listitem> + </varlistentry> + <varlistentry> + <term> + <option>unknown_ok</option> + </term> + <listitem> + <para> + Do not return error when checking for a user that is + not in the database. This can be used to stack more + than one pam_userdb module that will check a + username/password pair in more than a database. + </para> + </listitem> + </varlistentry> + <varlistentry> + <term> + <option>key_only</option> + </term> + <listitem> + <para> + The username and password are concatenated together + in the database hash as 'username-password' with a + random value. if the concatenation of the username and + password with a dash in the middle returns any result, + the user is valid. this is useful in cases where + the username may not be unique but the username and + password pair are. + </para> + </listitem> + </varlistentry> + </variablelist> + </refsect1> + + <refsect1 id="pam_userdb-types"> + <title>MODULE TYPES PROVIDED</title> + <para> + The <option>auth</option> and <option>account</option> module + types are provided. + </para> + </refsect1> + + <refsect1 id='pam_userdb-return_values'> + <title>RETURN VALUES</title> + <variablelist> + <varlistentry> + <term>PAM_AUTH_ERR</term> + <listitem> + <para>Authentication failure.</para> + </listitem> + </varlistentry> + <varlistentry> + <term>PAM_AUTHTOK_RECOVERY_ERR</term> + <listitem> + <para> + Authentication information cannot be recovered. + </para> + </listitem> + </varlistentry> + <varlistentry> + <term>PAM_BUF_ERR</term> + <listitem> + <para> + Memory buffer error. + </para> + </listitem> + </varlistentry> + <varlistentry> + <term>PAM_CONV_ERR</term> + <listitem> + <para> + Conversation failure. + </para> + </listitem> + </varlistentry> + <varlistentry> + <term>PAM_SERVICE_ERR</term> + <listitem> + <para> + Error in service module. + </para> + </listitem> + </varlistentry> + <varlistentry> + <term>PAM_SUCCESS</term> + <listitem> + <para> + Success. + </para> + </listitem> + </varlistentry> + <varlistentry> + <term>PAM_USER_UNKNOWN</term> + <listitem> + <para> + User not known to the underlying authentication module. + </para> + </listitem> + </varlistentry> + </variablelist> + </refsect1> + + <refsect1 id='pam_userdb-examples'> + <title>EXAMPLES</title> + <programlisting> +auth sufficient pam_userdb.so icase db=/etc/dbtest + </programlisting> + </refsect1> + + <refsect1 id='pam_userdb-see_also'> + <title>SEE ALSO</title> + <para> + <citerefentry> + <refentrytitle>crypt</refentrytitle><manvolnum>3</manvolnum> + </citerefentry>, + <citerefentry> + <refentrytitle>pam.conf</refentrytitle><manvolnum>5</manvolnum> + </citerefentry>, + <citerefentry> + <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum> + </citerefentry>, + <citerefentry> + <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum> + </citerefentry> + </para> + </refsect1> + + <refsect1 id='pam_userdb-author'> + <title>AUTHOR</title> + <para> + pam_userdb was written by Cristian Gafton >gafton@redhat.com<. + </para> + </refsect1> + +</refentry> |