diff options
Diffstat (limited to 'modules/pam_stress/README')
-rw-r--r-- | modules/pam_stress/README | 93 |
1 files changed, 45 insertions, 48 deletions
diff --git a/modules/pam_stress/README b/modules/pam_stress/README index ed56ae58..230e8621 100644 --- a/modules/pam_stress/README +++ b/modules/pam_stress/README @@ -1,64 +1,61 @@ -# -# This describes the behavior of this module with respect to the -# /etc/pam.conf file. -# -# written by Andrew Morgan <morgan@parc.power.net> -# +pam_stress — The stress-testing PAM module -This module recognizes the following arguments. +━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ -debug put lots of information in syslog. - *NOTE* this option writes passwords to syslog, so - don't use anything sensitive when testing. +DESCRIPTION -no_warn don't give warnings about things (otherwise warnings are issued - via the conversation function) +The pam_stress PAM module is mainly intended to give the impression of failing +as a fully functioning module might. -use_first_pass don't prompt for a password, for pam_sm_authentication - function just use item PAM_AUTHTOK. +OPTIONS -try_first_pass don't prompt for a password unless there has been no - previous authentication token (item PAM_AUTHTOK is NULL) +debug -rootok This is intended for the pam_sm_chauthtok function and - it instructs this function to permit root to change - the user's password without entering the old password. + Put lots of information in syslog. *NOTE* this option writes passwords to + syslog, so don't use anything sensitive when testing. -The following arguments are acted on by the module. They are intended -to make the module give the impression of failing as a fully -functioning module might. +no_warn -expired an argument intended for the account and chauthtok module - parts. It instructs the module to act as if the user's - password has expired + Do not give warnings about things (otherwise warnings are issued via the + conversation function) -fail_1 this instructs the module to make its first function fail. +use_first_pass -fail_2 this instructs the module to make its second function (if there - is one) fail. + Do not prompt for a password, for pam_sm_authentication function just use + item PAM_AUTHTOK. - The function break up is indicated in the Module - Developers' Guide. Listed here it is: +try_first_pass - service function 1 function 2 - ------- ---------- ---------- - auth pam_sm_authenticate pam_sm_setcred - password pam_sm_chauthtok - session pam_sm_open_session pam_sm_close_session - account pam_sm_acct_mgmt + Do not prompt for a password unless there has been no previous + authentication token (item PAM_AUTHTOK is NULL) -prelim for pam_sm_chauthtok, means fail on PAM_PRELIM_CHECK. +rootok -required for pam_sm_chauthtok, means fail if the user hasn't already - been authenticated by this module. (See stress_new_pwd data - item below.) + This is intended for the pam_sm_chauthtok function and it instructs this + function to permit root to change the user's password without entering the + old password. -# -# data strings that this module uses are the following: -# +expired + + An argument intended for the account and chauthtok module parts. It + instructs the module to act as if the user's password has expired + +fail_1 + + This instructs the module to make its first function fail. + +fail_2 + + This instructs the module to make its second function (if there is one) + fail. + +prelim + + For pam_sm_chauthtok, means fail on PAM_PRELIM_CHECK. + +required + + For pam_sm_chauthtok, means fail if the user hasn't already been + authenticated by this module. (See stress_new_pwd data string in the + NOTES.) -data name value(s) Comments ---------- -------- -------- -stress_new_pwd yes tells pam_sm_chauthtok that - pam_sm_acct_mgmt says we need a new - password |