|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
"http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd">
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
pam_ldap.8.xml - docbook manual page for pam_ldap PAM module
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
Copyright (C) 2009-2018 Arthur de Jong
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
This library is free software; you can redistribute it and/or
|
|
Packit |
6bd9ab |
modify it under the terms of the GNU Lesser General Public
|
|
Packit |
6bd9ab |
License as published by the Free Software Foundation; either
|
|
Packit |
6bd9ab |
version 2.1 of the License, or (at your option) any later version.
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
This library is distributed in the hope that it will be useful,
|
|
Packit |
6bd9ab |
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
Packit |
6bd9ab |
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
Packit |
6bd9ab |
Lesser General Public License for more details.
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
You should have received a copy of the GNU Lesser General Public
|
|
Packit |
6bd9ab |
License along with this library; if not, write to the Free Software
|
|
Packit |
6bd9ab |
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
|
|
Packit |
6bd9ab |
02110-1301 USA
|
|
Packit |
6bd9ab |
-->
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
<refentry id="pamldap8">
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
<refentryinfo>
|
|
Packit |
6bd9ab |
<author>
|
|
Packit |
6bd9ab |
<firstname>Arthur</firstname>
|
|
Packit |
6bd9ab |
<surname>de Jong</surname>
|
|
Packit |
6bd9ab |
</author>
|
|
Packit |
6bd9ab |
</refentryinfo>
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
<refmeta>
|
|
Packit |
6bd9ab |
<refentrytitle>pam_ldap</refentrytitle>
|
|
Packit |
6bd9ab |
<manvolnum>8</manvolnum>
|
|
Packit |
6bd9ab |
<refmiscinfo class="version">Version 0.9.9</refmiscinfo>
|
|
Packit |
6bd9ab |
<refmiscinfo class="manual">System Manager's Manual</refmiscinfo>
|
|
Packit |
6bd9ab |
<refmiscinfo class="date">Feb 2018</refmiscinfo>
|
|
Packit |
6bd9ab |
</refmeta>
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
<refnamediv id="name">
|
|
Packit |
6bd9ab |
<refname>pam_ldap</refname>
|
|
Packit |
6bd9ab |
<refpurpose>PAM module for LDAP-based authentication</refpurpose>
|
|
Packit |
6bd9ab |
</refnamediv>
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
<refsynopsisdiv id="synopsis">
|
|
Packit |
6bd9ab |
<cmdsynopsis>
|
|
Packit |
6bd9ab |
<command>pam_ldap.so</command>
|
|
Packit |
6bd9ab |
<arg choice="opt"><replaceable>...</replaceable></arg>
|
|
Packit |
6bd9ab |
</cmdsynopsis>
|
|
Packit |
6bd9ab |
</refsynopsisdiv>
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
<refsect1 id="description">
|
|
Packit |
6bd9ab |
<title>Description</title>
|
|
Packit |
6bd9ab |
<para>
|
|
Packit |
6bd9ab |
This is a PAM module that uses an
|
|
Packit |
6bd9ab |
LDAP server to verify user access rights and
|
|
Packit |
6bd9ab |
credentials.
|
|
Packit |
6bd9ab |
</para>
|
|
Packit |
6bd9ab |
</refsect1>
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
<refsect1 id="options">
|
|
Packit |
6bd9ab |
<title>Options</title>
|
|
Packit |
6bd9ab |
<variablelist remap="TP">
|
|
Packit |
6bd9ab |
<varlistentry id="use_first_pass">
|
|
Packit |
6bd9ab |
<term>
|
|
Packit |
6bd9ab |
<option>use_first_pass</option>
|
|
Packit |
6bd9ab |
</term>
|
|
Packit |
6bd9ab |
<listitem>
|
|
Packit |
6bd9ab |
<para>
|
|
Packit |
6bd9ab |
Specifies that the PAM module should use the first
|
|
Packit |
6bd9ab |
password provided in the authentication stack and not prompt the user
|
|
Packit |
6bd9ab |
for a password.
|
|
Packit |
6bd9ab |
</para>
|
|
Packit |
6bd9ab |
</listitem>
|
|
Packit |
6bd9ab |
</varlistentry>
|
|
Packit |
6bd9ab |
<varlistentry id="try_first_pass">
|
|
Packit |
6bd9ab |
<term>
|
|
Packit |
6bd9ab |
<option>try_first_pass</option>
|
|
Packit |
6bd9ab |
</term>
|
|
Packit |
6bd9ab |
<listitem>
|
|
Packit |
6bd9ab |
<para>
|
|
Packit |
6bd9ab |
Specifies that the PAM module should use the first
|
|
Packit |
6bd9ab |
password provided in the authentication stack and if that fails prompt
|
|
Packit |
6bd9ab |
the user for a password.
|
|
Packit |
6bd9ab |
</para>
|
|
Packit |
6bd9ab |
</listitem>
|
|
Packit |
6bd9ab |
</varlistentry>
|
|
Packit |
6bd9ab |
<varlistentry id="nullok">
|
|
Packit |
6bd9ab |
<term>
|
|
Packit |
6bd9ab |
<option>nullok</option>
|
|
Packit |
6bd9ab |
</term>
|
|
Packit |
6bd9ab |
<listitem>
|
|
Packit |
6bd9ab |
<para>
|
|
Packit |
6bd9ab |
Specifying this option allows users to log in with a blank password.
|
|
Packit |
6bd9ab |
Normally logins without a password are denied.
|
|
Packit |
6bd9ab |
</para>
|
|
Packit |
6bd9ab |
</listitem>
|
|
Packit |
6bd9ab |
</varlistentry>
|
|
Packit |
6bd9ab |
<varlistentry id="ignore_unknown_user">
|
|
Packit |
6bd9ab |
<term>
|
|
Packit |
6bd9ab |
<option>ignore_unknown_user</option>
|
|
Packit |
6bd9ab |
</term>
|
|
Packit |
6bd9ab |
<listitem>
|
|
Packit |
6bd9ab |
<para>
|
|
Packit |
6bd9ab |
Specifies that the PAM module should return
|
|
Packit |
6bd9ab |
PAM_IGNORE for users that are not present in the LDAP
|
|
Packit |
6bd9ab |
directory.
|
|
Packit |
6bd9ab |
This causes the PAM framework to ignore this module.
|
|
Packit |
6bd9ab |
</para>
|
|
Packit |
6bd9ab |
</listitem>
|
|
Packit |
6bd9ab |
</varlistentry>
|
|
Packit |
6bd9ab |
<varlistentry id="ignore_authinfo_unavail">
|
|
Packit |
6bd9ab |
<term>
|
|
Packit |
6bd9ab |
<option>ignore_authinfo_unavail</option>
|
|
Packit |
6bd9ab |
</term>
|
|
Packit |
6bd9ab |
<listitem>
|
|
Packit |
6bd9ab |
<para>
|
|
Packit |
6bd9ab |
Specifies that the PAM module should return
|
|
Packit |
6bd9ab |
PAM_IGNORE if it cannot contact the LDAP server.
|
|
Packit |
6bd9ab |
This causes the PAM framework to ignore this module.
|
|
Packit |
6bd9ab |
</para>
|
|
Packit |
6bd9ab |
</listitem>
|
|
Packit |
6bd9ab |
</varlistentry>
|
|
Packit |
6bd9ab |
<varlistentry id="no_warn">
|
|
Packit |
6bd9ab |
<term>
|
|
Packit |
6bd9ab |
<option>no_warn</option>
|
|
Packit |
6bd9ab |
</term>
|
|
Packit |
6bd9ab |
<listitem>
|
|
Packit |
6bd9ab |
<para>
|
|
Packit |
6bd9ab |
Specifies that warning messages should not be propagated to the
|
|
Packit |
6bd9ab |
PAM application.
|
|
Packit |
6bd9ab |
</para>
|
|
Packit |
6bd9ab |
</listitem>
|
|
Packit |
6bd9ab |
</varlistentry>
|
|
Packit |
6bd9ab |
<varlistentry id="use_authtok">
|
|
Packit |
6bd9ab |
<term>
|
|
Packit |
6bd9ab |
<option>use_authtok</option>
|
|
Packit |
6bd9ab |
</term>
|
|
Packit |
6bd9ab |
<listitem>
|
|
Packit |
6bd9ab |
<para>
|
|
Packit |
6bd9ab |
This causes the PAM module to use the earlier
|
|
Packit |
6bd9ab |
provided password when changing the password. The module will not
|
|
Packit |
6bd9ab |
prompt the user for a new password (it is analogous to
|
|
Packit |
6bd9ab |
<option>use_first_pass</option>).
|
|
Packit |
6bd9ab |
</para>
|
|
Packit |
6bd9ab |
</listitem>
|
|
Packit |
6bd9ab |
</varlistentry>
|
|
Packit |
6bd9ab |
<varlistentry id="debug">
|
|
Packit |
6bd9ab |
<term>
|
|
Packit |
6bd9ab |
<option>debug</option>
|
|
Packit |
6bd9ab |
</term>
|
|
Packit |
6bd9ab |
<listitem>
|
|
Packit |
6bd9ab |
<para>
|
|
Packit |
6bd9ab |
This option causes the PAM module to log debugging
|
|
Packit |
6bd9ab |
information to
|
|
Packit |
6bd9ab |
<citerefentry><refentrytitle>syslog</refentrytitle><manvolnum>3</manvolnum></citerefentry>.
|
|
Packit |
6bd9ab |
</para>
|
|
Packit |
6bd9ab |
</listitem>
|
|
Packit |
6bd9ab |
</varlistentry>
|
|
Packit |
6bd9ab |
<varlistentry id="minimum_uid">
|
|
Packit |
6bd9ab |
<term>
|
|
Packit |
6bd9ab |
<option>minimum_uid=<replaceable>UID</replaceable></option>
|
|
Packit |
6bd9ab |
</term>
|
|
Packit |
6bd9ab |
<listitem>
|
|
Packit |
6bd9ab |
<para>
|
|
Packit |
6bd9ab |
This option causes the PAM module to ignore the user
|
|
Packit |
6bd9ab |
if the user id is lower than the specified value. This can be used to
|
|
Packit |
6bd9ab |
bypass LDAP checks for system users
|
|
Packit |
6bd9ab |
(e.g. by setting it to <literal>1000</literal>).
|
|
Packit |
6bd9ab |
</para>
|
|
Packit |
6bd9ab |
</listitem>
|
|
Packit |
6bd9ab |
</varlistentry>
|
|
Packit |
6bd9ab |
</variablelist>
|
|
Packit |
6bd9ab |
</refsect1>
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
<refsect1 id="moduleservices">
|
|
Packit |
6bd9ab |
<title>Module Services Provided</title>
|
|
Packit |
6bd9ab |
<para>
|
|
Packit |
6bd9ab |
All services are provided by this module but currently sessions changes
|
|
Packit |
6bd9ab |
are not implemented in the nslcd daemon.
|
|
Packit |
6bd9ab |
</para>
|
|
Packit |
6bd9ab |
</refsect1>
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
<refsect1 id="files">
|
|
Packit |
6bd9ab |
<title>Files</title>
|
|
Packit |
6bd9ab |
<variablelist remap="TP">
|
|
Packit |
6bd9ab |
<varlistentry>
|
|
Packit |
6bd9ab |
<term><filename>/etc/pam.conf</filename></term>
|
|
Packit |
6bd9ab |
<listitem><para>the main PAM configuration file</para></listitem>
|
|
Packit |
6bd9ab |
</varlistentry>
|
|
Packit |
6bd9ab |
<varlistentry>
|
|
Packit |
6bd9ab |
<term><filename>/etc/nslcd.conf</filename></term>
|
|
Packit |
6bd9ab |
<listitem><para>
|
|
Packit |
6bd9ab |
The configuration file for the <command>nslcd</command> daemon
|
|
Packit |
6bd9ab |
(see <citerefentry><refentrytitle>nslcd.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>)
|
|
Packit |
6bd9ab |
</para></listitem>
|
|
Packit |
6bd9ab |
</varlistentry>
|
|
Packit |
6bd9ab |
</variablelist>
|
|
Packit |
6bd9ab |
</refsect1>
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
<refsect1 id="see_also">
|
|
Packit |
6bd9ab |
<title>See Also</title>
|
|
Packit |
6bd9ab |
<para>
|
|
Packit |
6bd9ab |
<citerefentry><refentrytitle>pam.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
|
|
Packit |
6bd9ab |
<citerefentry><refentrytitle>nslcd</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
|
|
Packit |
6bd9ab |
<citerefentry><refentrytitle>nslcd.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>
|
|
Packit |
6bd9ab |
</para>
|
|
Packit |
6bd9ab |
</refsect1>
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
<refsect1 id="author">
|
|
Packit |
6bd9ab |
<title>Author</title>
|
|
Packit |
6bd9ab |
<para>
|
|
Packit |
6bd9ab |
This manual was written by Arthur de Jong <arthur@arthurdejong.org>.
|
|
Packit |
6bd9ab |
</para>
|
|
Packit |
6bd9ab |
</refsect1>
|
|
Packit |
6bd9ab |
|
|
Packit |
6bd9ab |
</refentry>
|