|
Packit Service |
b29381 |
pam_userdb — PAM module to authenticate against a db database
|
|
Packit Service |
b29381 |
|
|
Packit Service |
b29381 |
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
|
|
Packit Service |
b29381 |
|
|
Packit Service |
b29381 |
DESCRIPTION
|
|
Packit Service |
b29381 |
|
|
Packit Service |
b29381 |
The pam_userdb module is used to verify a username/password pair against values
|
|
Packit Service |
b29381 |
stored in a Berkeley DB database. The database is indexed by the username, and
|
|
Packit Service |
b29381 |
the data fields corresponding to the username keys are the passwords.
|
|
Packit Service |
b29381 |
|
|
Packit Service |
b29381 |
OPTIONS
|
|
Packit Service |
b29381 |
|
|
Packit Service |
b29381 |
crypt=[crypt|none]
|
|
Packit Service |
b29381 |
|
|
Packit Service |
b29381 |
Indicates whether encrypted or plaintext passwords are stored in the
|
|
Packit Service |
b29381 |
database. If it is crypt, passwords should be stored in the database in
|
|
Packit Service |
b29381 |
crypt(3) form. If none is selected, passwords should be stored in the
|
|
Packit Service |
b29381 |
database as plaintext.
|
|
Packit Service |
b29381 |
|
|
Packit Service |
b29381 |
db=/path/database
|
|
Packit Service |
b29381 |
|
|
Packit Service |
b29381 |
Use the /path/database database for performing lookup. There is no default;
|
|
Packit Service |
b29381 |
the module will return PAM_IGNORE if no database is provided. Note that the
|
|
Packit Service |
b29381 |
path to the database file should be specified without the .db suffix.
|
|
Packit Service |
b29381 |
|
|
Packit Service |
b29381 |
debug
|
|
Packit Service |
b29381 |
|
|
Packit Service |
b29381 |
Print debug information.
|
|
Packit Service |
b29381 |
|
|
Packit Service |
b29381 |
dump
|
|
Packit Service |
b29381 |
|
|
Packit Service |
b29381 |
Dump all the entries in the database to the log. Don't do this by default!
|
|
Packit Service |
b29381 |
|
|
Packit Service |
b29381 |
icase
|
|
Packit Service |
b29381 |
|
|
Packit Service |
b29381 |
Make the password verification to be case insensitive (ie when working with
|
|
Packit Service |
b29381 |
registration numbers and such). Only works with plaintext password storage.
|
|
Packit Service |
b29381 |
|
|
Packit Service |
b29381 |
try_first_pass
|
|
Packit Service |
b29381 |
|
|
Packit Service |
b29381 |
Use the authentication token previously obtained by another module that did
|
|
Packit Service |
b29381 |
the conversation with the application. If this token can not be obtained
|
|
Packit Service |
b29381 |
then the module will try to converse. This option can be used for stacking
|
|
Packit Service |
b29381 |
different modules that need to deal with the authentication tokens.
|
|
Packit Service |
b29381 |
|
|
Packit Service |
b29381 |
use_first_pass
|
|
Packit Service |
b29381 |
|
|
Packit Service |
b29381 |
Use the authentication token previously obtained by another module that did
|
|
Packit Service |
b29381 |
the conversation with the application. If this token can not be obtained
|
|
Packit Service |
b29381 |
then the module will fail. This option can be used for stacking different
|
|
Packit Service |
b29381 |
modules that need to deal with the authentication tokens.
|
|
Packit Service |
b29381 |
|
|
Packit Service |
b29381 |
unknown_ok
|
|
Packit Service |
b29381 |
|
|
Packit Service |
b29381 |
Do not return error when checking for a user that is not in the database.
|
|
Packit Service |
b29381 |
This can be used to stack more than one pam_userdb module that will check a
|
|
Packit Service |
b29381 |
username/password pair in more than a database.
|
|
Packit Service |
b29381 |
|
|
Packit Service |
b29381 |
key_only
|
|
Packit Service |
b29381 |
|
|
Packit Service |
b29381 |
The username and password are concatenated together in the database hash as
|
|
Packit Service |
b29381 |
'username-password' with a random value. if the concatenation of the
|
|
Packit Service |
b29381 |
username and password with a dash in the middle returns any result, the
|
|
Packit Service |
b29381 |
user is valid. this is useful in cases where the username may not be unique
|
|
Packit Service |
b29381 |
but the username and password pair are.
|
|
Packit Service |
b29381 |
|
|
Packit Service |
b29381 |
EXAMPLES
|
|
Packit Service |
b29381 |
|
|
Packit Service |
b29381 |
auth sufficient pam_userdb.so icase db=/etc/dbtest
|
|
Packit Service |
b29381 |
|
|
Packit Service |
b29381 |
|
|
Packit Service |
b29381 |
AUTHOR
|
|
Packit Service |
b29381 |
|
|
Packit Service |
b29381 |
pam_userdb was written by Cristian Gafton >gafton@redhat.com<.
|
|
Packit Service |
b29381 |
|