|
Packit |
6bd9ab |
'\" -*- coding: utf-8 -*-
|
|
Packit |
6bd9ab |
.if \n(.g .ds T< \\FC
|
|
Packit |
6bd9ab |
.if \n(.g .ds T> \\F[\n[.fam]]
|
|
Packit |
6bd9ab |
.de URL
|
|
Packit |
6bd9ab |
\\$2 \(la\\$1\(ra\\$3
|
|
Packit |
6bd9ab |
..
|
|
Packit |
6bd9ab |
.if \n(.g .mso www.tmac
|
|
Packit |
6bd9ab |
.TH pam_ldap 8 "Feb 2018" "Version 0.9.9" "System Manager's Manual"
|
|
Packit |
6bd9ab |
.SH NAME
|
|
Packit |
6bd9ab |
pam_ldap \- PAM module for LDAP-based authentication
|
|
Packit |
6bd9ab |
.SH SYNOPSIS
|
|
Packit |
6bd9ab |
'nh
|
|
Packit |
6bd9ab |
.fi
|
|
Packit |
6bd9ab |
.ad l
|
|
Packit |
6bd9ab |
\fBpam_ldap.so\fR \kx
|
|
Packit |
6bd9ab |
.if (\nx>(\n(.l/2)) .nr x (\n(.l/5)
|
|
Packit |
6bd9ab |
'in \n(.iu+\nxu
|
|
Packit |
6bd9ab |
[\fI...\fR]
|
|
Packit |
6bd9ab |
'in \n(.iu-\nxu
|
|
Packit |
6bd9ab |
.ad b
|
|
Packit |
6bd9ab |
'hy
|
|
Packit |
6bd9ab |
.SH DESCRIPTION
|
|
Packit |
6bd9ab |
This is a PAM module that uses an
|
|
Packit |
6bd9ab |
LDAP server to verify user access rights and
|
|
Packit |
6bd9ab |
credentials.
|
|
Packit |
6bd9ab |
.SH OPTIONS
|
|
Packit |
6bd9ab |
.TP
|
|
Packit |
6bd9ab |
\*(T<\fBuse_first_pass\fR\*(T>
|
|
Packit |
6bd9ab |
Specifies that the PAM module should use the first
|
|
Packit |
6bd9ab |
password provided in the authentication stack and not prompt the user
|
|
Packit |
6bd9ab |
for a password.
|
|
Packit |
6bd9ab |
.TP
|
|
Packit |
6bd9ab |
\*(T<\fBtry_first_pass\fR\*(T>
|
|
Packit |
6bd9ab |
Specifies that the PAM module should use the first
|
|
Packit |
6bd9ab |
password provided in the authentication stack and if that fails prompt
|
|
Packit |
6bd9ab |
the user for a password.
|
|
Packit |
6bd9ab |
.TP
|
|
Packit |
6bd9ab |
\*(T<\fBnullok\fR\*(T>
|
|
Packit |
6bd9ab |
Specifying this option allows users to log in with a blank password.
|
|
Packit |
6bd9ab |
Normally logins without a password are denied.
|
|
Packit |
6bd9ab |
.TP
|
|
Packit |
6bd9ab |
\*(T<\fBignore_unknown_user\fR\*(T>
|
|
Packit |
6bd9ab |
Specifies that the PAM module should return
|
|
Packit |
6bd9ab |
PAM_IGNORE for users that are not present in the LDAP
|
|
Packit |
6bd9ab |
directory.
|
|
Packit |
6bd9ab |
This causes the PAM framework to ignore this module.
|
|
Packit |
6bd9ab |
.TP
|
|
Packit |
6bd9ab |
\*(T<\fBignore_authinfo_unavail\fR\*(T>
|
|
Packit |
6bd9ab |
Specifies that the PAM module should return
|
|
Packit |
6bd9ab |
PAM_IGNORE if it cannot contact the LDAP server.
|
|
Packit |
6bd9ab |
This causes the PAM framework to ignore this module.
|
|
Packit |
6bd9ab |
.TP
|
|
Packit |
6bd9ab |
\*(T<\fBno_warn\fR\*(T>
|
|
Packit |
6bd9ab |
Specifies that warning messages should not be propagated to the
|
|
Packit |
6bd9ab |
PAM application.
|
|
Packit |
6bd9ab |
.TP
|
|
Packit |
6bd9ab |
\*(T<\fBuse_authtok\fR\*(T>
|
|
Packit |
6bd9ab |
This causes the PAM module to use the earlier
|
|
Packit |
6bd9ab |
provided password when changing the password. The module will not
|
|
Packit |
6bd9ab |
prompt the user for a new password (it is analogous to
|
|
Packit |
6bd9ab |
\*(T<\fBuse_first_pass\fR\*(T>).
|
|
Packit |
6bd9ab |
.TP
|
|
Packit |
6bd9ab |
\*(T<\fBdebug\fR\*(T>
|
|
Packit |
6bd9ab |
This option causes the PAM module to log debugging
|
|
Packit |
6bd9ab |
information to
|
|
Packit |
6bd9ab |
\fBsyslog\fR(3).
|
|
Packit |
6bd9ab |
.TP
|
|
Packit |
6bd9ab |
\*(T<\fBminimum_uid=\fR\*(T>\fIUID\fR
|
|
Packit |
6bd9ab |
This option causes the PAM module to ignore the user
|
|
Packit |
6bd9ab |
if the user id is lower than the specified value. This can be used to
|
|
Packit |
6bd9ab |
bypass LDAP checks for system users
|
|
Packit |
6bd9ab |
(e.g. by setting it to \*(T<1000\*(T>).
|
|
Packit |
6bd9ab |
.SH "MODULE SERVICES PROVIDED"
|
|
Packit |
6bd9ab |
All services are provided by this module but currently sessions changes
|
|
Packit |
6bd9ab |
are not implemented in the nslcd daemon.
|
|
Packit |
6bd9ab |
.SH FILES
|
|
Packit |
6bd9ab |
.TP
|
|
Packit |
6bd9ab |
\*(T<\fI/etc/pam.conf\fR\*(T>
|
|
Packit |
6bd9ab |
the main PAM configuration file
|
|
Packit |
6bd9ab |
.TP
|
|
Packit |
6bd9ab |
\*(T<\fI/etc/nslcd.conf\fR\*(T>
|
|
Packit |
6bd9ab |
The configuration file for the \fBnslcd\fR daemon
|
|
Packit |
6bd9ab |
(see \fBnslcd.conf\fR(5))
|
|
Packit |
6bd9ab |
.SH "SEE ALSO"
|
|
Packit |
6bd9ab |
\fBpam.conf\fR(5),
|
|
Packit |
6bd9ab |
\fBnslcd\fR(8),
|
|
Packit |
6bd9ab |
\fBnslcd.conf\fR(5)
|
|
Packit |
6bd9ab |
.SH AUTHOR
|
|
Packit |
6bd9ab |
This manual was written by Arthur de Jong <arthur@arthurdejong.org>.
|