summaryrefslogtreecommitdiff
path: root/modules/pam_userdb/README
diff options
context:
space:
mode:
Diffstat (limited to 'modules/pam_userdb/README')
-rw-r--r--modules/pam_userdb/README142
1 files changed, 74 insertions, 68 deletions
diff --git a/modules/pam_userdb/README b/modules/pam_userdb/README
index 0d74ecb2..8e1a5ffd 100644
--- a/modules/pam_userdb/README
+++ b/modules/pam_userdb/README
@@ -1,68 +1,74 @@
-pam_userdb:
- Look up users in a .db database and verify their password against
- what is contained in that database. The database will have been
- created using db_load.
-
-RECOGNIZED ARGUMENTS:
- debug write a message to syslog indicating success or
- failure.
-
- db=[path] use the [path] database for performing lookup. There
- is no default; the module will return PAM_IGNORE if
- no database is provided. Some versions of DB will
- automatically append ".db" to whatever pathname you
- supply here.
-
- crypt=[mode] indicates whether encrypted or plaintext passwords
- are stored in the database. If [mode] is "crypt",
- passwords should be stored in the database in
- crypt(3) form. If [mode] is "none" or any other
- value, passwords should be stored in the database in
- plaintext.
-
- icase make the password verification to be case insensitive
- (ie when working with registration numbers and such)
- only works with plaintext password storage.
-
- dump dump all the entries in the database to the log (eek,
- don't do this by default!)
-
- try_first_pass use the authentication token previously obtained by
- another module that did the conversation with the
- application. If this token can not be obtained then
- the module will try to converse. This option can
- be used for stacking different modules that need to
- deal with the authentication tokens.
-
- use_first_pass use the authentication token previously obtained by
- another module that did the conversation with the
- application. If this token can not be obtained then
- the module will fail. This option can be used for
- stacking different modules that need to deal with
- the authentication tokens.
-
- unknown_ok do not return error when checking for a user that is
- not in the database. This can be used to stack more
- than one pam_userdb module that will check a
- username/password pair in more than a database.
-
- key_only the username and password are concatenated together
- in the database hash as 'username-password' with a
- random value. if the concatenation of the username and
- password with a dash in the middle returns any result,
- the user is valid. this is useful in cases where
- the username may not be unique but the username and
- password pair are.
-
-MODULE SERVICES PROVIDED:
- auth _authentication and _setcred (blank)
-
-EXAMPLE USE:
- auth sufficient pam_userdb.so icase db=/etc/dbtest.db
-
-AUTHOR:
- Cristian Gafton <gafton@redhat.com>
-
-
-
-$Id$
+pam_userdb — PAM module to authenticate against a db database
+
+━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
+
+DESCRIPTION
+
+The pam_userdb module is used to verify a username/password pair against values
+stored in a Berkeley DB database. The database is indexed by the username, and
+the data fields corresponding to the username keys are the passwords.
+
+OPTIONS
+
+crypt=[crypt|none]
+
+ Indicates whether encrypted or plaintext passwords are stored in the
+ database. If it is crypt, passwords should be stored in the database in
+ crypt(3) form. If none is selected, passwords should be stored in the
+ database as plaintext.
+
+db=/path/database
+
+ Use the /path/database database for performing lookup. There is no default;
+ the module will return PAM_IGNORE if no database is provided.
+
+debug
+
+ Print debug information.
+
+dump
+
+ Dump all the entries in the database to the log. Don't do this by default!
+
+icase
+
+ Make the password verification to be case insensitive (ie when working with
+ registration numbers and such). Only works with plaintext password storage.
+
+try_first_pass
+
+ Use the authentication token previously obtained by another module that did
+ the conversation with the application. If this token can not be obtained
+ then the module will try to converse. This option can be used for stacking
+ different modules that need to deal with the authentication tokens.
+
+use_first_pass
+
+ Use the authentication token previously obtained by another module that did
+ the conversation with the application. If this token can not be obtained
+ then the module will fail. This option can be used for stacking different
+ modules that need to deal with the authentication tokens.
+
+unknown_ok
+
+ Do not return error when checking for a user that is not in the database.
+ This can be used to stack more than one pam_userdb module that will check a
+ username/password pair in more than a database.
+
+key_only
+
+ The username and password are concatenated together in the database hash as
+ 'username-password' with a random value. if the concatenation of the
+ username and password with a dash in the middle returns any result, the
+ user is valid. this is useful in cases where the username may not be unique
+ but the username and password pair are.
+
+EXAMPLES
+
+auth sufficient pam_userdb.so icase db=/etc/dbtest.db
+
+
+AUTHOR
+
+pam_userdb was written by Cristian Gafton >gafton@redhat.com<.
+
generated by cgit v1.2.3 (git 2.25.1) at 2024-04-25 11:27:15 +0000