summaryrefslogtreecommitdiffstats
path: root/modules/pam_userdb/pam_userdb.8
diff options
context:
space:
mode:
Diffstat (limited to 'modules/pam_userdb/pam_userdb.8')
-rw-r--r--modules/pam_userdb/pam_userdb.8158
1 files changed, 158 insertions, 0 deletions
diff --git a/modules/pam_userdb/pam_userdb.8 b/modules/pam_userdb/pam_userdb.8
new file mode 100644
index 0000000..fc00278
--- /dev/null
+++ b/modules/pam_userdb/pam_userdb.8
@@ -0,0 +1,158 @@
+'\" t
+.\" Title: pam_userdb
+.\" Author: [see the "AUTHOR" section]
+.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
+.\" Date: 09/03/2021
+.\" Manual: Linux-PAM Manual
+.\" Source: Linux-PAM Manual
+.\" Language: English
+.\"
+.TH "PAM_USERDB" "8" "09/03/2021" "Linux-PAM Manual" "Linux\-PAM Manual"
+.\" -----------------------------------------------------------------
+.\" * Define some portability stuff
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" http://bugs.debian.org/507673
+.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
+.SH "NAME"
+pam_userdb \- PAM module to authenticate against a db database
+.SH "SYNOPSIS"
+.HP \w'\fBpam_userdb\&.so\fR\ 'u
+\fBpam_userdb\&.so\fR db=\fI/path/database\fR [debug] [crypt=[crypt|none]] [icase] [dump] [try_first_pass] [use_first_pass] [unknown_ok] [key_only]
+.SH "DESCRIPTION"
+.PP
+The pam_userdb module is used to verify a username/password pair against values stored in a Berkeley DB database\&. The database is indexed by the username, and the data fields corresponding to the username keys are the passwords\&.
+.SH "OPTIONS"
+.PP
+\fBcrypt=[crypt|none]\fR
+.RS 4
+Indicates whether encrypted or plaintext passwords are stored in the database\&. If it is
+\fBcrypt\fR, passwords should be stored in the database in
+\fBcrypt\fR(3)
+form\&. If
+\fBnone\fR
+is selected, passwords should be stored in the database as plaintext\&.
+.RE
+.PP
+\fBdb=\fR\fB\fI/path/database\fR\fR
+.RS 4
+Use the
+/path/database
+database for performing lookup\&. There is no default; the module will return
+\fBPAM_IGNORE\fR
+if no database is provided\&. Note that the path to the database file should be specified without the
+\&.db
+suffix\&.
+.RE
+.PP
+\fBdebug\fR
+.RS 4
+Print debug information\&. Note that password hashes, both from db and computed, will be printed to syslog\&.
+.RE
+.PP
+\fBdump\fR
+.RS 4
+Dump all the entries in the database to the log\&. Don\*(Aqt do this by default!
+.RE
+.PP
+\fBicase\fR
+.RS 4
+Make the password verification to be case insensitive (ie when working with registration numbers and such)\&. Only works with plaintext password storage\&.
+.RE
+.PP
+\fBtry_first_pass\fR
+.RS 4
+Use the authentication token previously obtained by another module that did the conversation with the application\&. If this token can not be obtained then the module will try to converse\&. This option can be used for stacking different modules that need to deal with the authentication tokens\&.
+.RE
+.PP
+\fBuse_first_pass\fR
+.RS 4
+Use the authentication token previously obtained by another module that did the conversation with the application\&. If this token can not be obtained then the module will fail\&. This option can be used for stacking different modules that need to deal with the authentication tokens\&.
+.RE
+.PP
+\fBunknown_ok\fR
+.RS 4
+Do not return error when checking for a user that is not in the database\&. This can be used to stack more than one pam_userdb module that will check a username/password pair in more than a database\&.
+.RE
+.PP
+\fBkey_only\fR
+.RS 4
+The username and password are concatenated together in the database hash as \*(Aqusername\-password\*(Aq with a random value\&. if the concatenation of the username and password with a dash in the middle returns any result, the user is valid\&. this is useful in cases where the username may not be unique but the username and password pair are\&.
+.RE
+.SH "MODULE TYPES PROVIDED"
+.PP
+The
+\fBauth\fR
+and
+\fBaccount\fR
+module types are provided\&.
+.SH "RETURN VALUES"
+.PP
+PAM_AUTH_ERR
+.RS 4
+Authentication failure\&.
+.RE
+.PP
+PAM_AUTHTOK_RECOVERY_ERR
+.RS 4
+Authentication information cannot be recovered\&.
+.RE
+.PP
+PAM_BUF_ERR
+.RS 4
+Memory buffer error\&.
+.RE
+.PP
+PAM_CONV_ERR
+.RS 4
+Conversation failure\&.
+.RE
+.PP
+PAM_SERVICE_ERR
+.RS 4
+Error in service module\&.
+.RE
+.PP
+PAM_SUCCESS
+.RS 4
+Success\&.
+.RE
+.PP
+PAM_USER_UNKNOWN
+.RS 4
+User not known to the underlying authentication module\&.
+.RE
+.SH "EXAMPLES"
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+auth sufficient pam_userdb\&.so icase db=/etc/dbtest
+
+.fi
+.if n \{\
+.RE
+.\}
+.SH "SEE ALSO"
+.PP
+\fBcrypt\fR(3),
+\fBpam.conf\fR(5),
+\fBpam.d\fR(5),
+\fBpam\fR(8)
+.SH "AUTHOR"
+.PP
+pam_userdb was written by Cristian Gafton >gafton@redhat\&.com<\&.