aboutsummaryrefslogtreecommitdiff
path: root/Linux-PAM/modules/pam_userdb/README
diff options
context:
space:
mode:
Diffstat (limited to 'Linux-PAM/modules/pam_userdb/README')
-rw-r--r--Linux-PAM/modules/pam_userdb/README39
1 files changed, 35 insertions, 4 deletions
diff --git a/Linux-PAM/modules/pam_userdb/README b/Linux-PAM/modules/pam_userdb/README
index f4423781..1cab7b74 100644
--- a/Linux-PAM/modules/pam_userdb/README
+++ b/Linux-PAM/modules/pam_userdb/README
@@ -1,6 +1,7 @@
pam_userdb:
Look up users in a .db database and verify their password against
- what is contained in that database.
+ what is contained in that database. The database will have been
+ created using db_load.
RECOGNIZED ARGUMENTS:
debug write a message to syslog indicating success or
@@ -8,16 +9,46 @@ RECOGNIZED ARGUMENTS:
db=[path] use the [path] database for performing lookup. There
is no default; the module will return PAM_IGNORE if
- no database is provided.
+ no database is provided. Some versions of DB will
+ automatically append ".db" to whatever pathname you
+ supply here.
+ crypt=[mode] indicates whether encrypted or plaintext passwords
+ are stored in the database. If [mode] is "crypt",
+ passwords should be stored in the database in
+ crypt(3) form. If [mode] is "none" or any other
+ value, passwords should be stored in the database in
+ plaintext.
+
icase make the password verification to be case insensitive
(ie when working with registration numbers and such)
+ only works with plaintext password storage.
dump dump all the entries in the database to the log (eek,
don't do this by default!)
+ use_authtok use the authentication token previously obtained by
+ another module that did the conversation with the
+ application. If this token can not be obtained then
+ the module will try to converse again. This option can
+ be used for stacking different modules that need to
+ deal with the authentication tokens.
+
+ unknown_ok do not return error when checking for a user that is
+ not in the database. This can be used to stack more
+ than one pam_userdb module that will check a
+ username/password pair in more than a database.
+
+ key_only the username and password are concatenated together
+ in the database hash as 'username-password' with a
+ random value. if the concatenation of the username and
+ password with a dash in the middle returns any result,
+ the user is valid. this is useful in cases where
+ the username may not be unique but the username and
+ password pair are.
+
MODULE SERVICES PROVIDED:
- auth _authetication and _setcred (blank)
+ auth _authentication and _setcred (blank)
EXAMPLE USE:
auth sufficient pam_userdb.so icase db=/tmp/dbtest.db
@@ -27,4 +58,4 @@ AUTHOR:
-$Id: README,v 1.1.1.1 2001/04/29 04:17:42 hartmans Exp $
+$Id: README,v 1.3 2004/09/28 13:48:47 kukuk Exp $
generated by cgit v1.2.3 (git 2.39.1) at 2025-05-28 16:12:18 +0000