summaryrefslogtreecommitdiff
path: root/modules/pam_userdb/pam_userdb.8.xml
diff options
context:
space:
mode:
Diffstat (limited to 'modules/pam_userdb/pam_userdb.8.xml')
-rw-r--r--modules/pam_userdb/pam_userdb.8.xml292
1 files changed, 292 insertions, 0 deletions
diff --git a/modules/pam_userdb/pam_userdb.8.xml b/modules/pam_userdb/pam_userdb.8.xml
new file mode 100644
index 00000000..70b416b3
--- /dev/null
+++ b/modules/pam_userdb/pam_userdb.8.xml
@@ -0,0 +1,292 @@
+<?xml version="1.0" encoding='UTF-8'?>
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
+ "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
+
+<refentry id="pam_userdb">
+
+ <refmeta>
+ <refentrytitle>pam_userdb</refentrytitle>
+ <manvolnum>8</manvolnum>
+ <refmiscinfo class="sectdesc">Linux-PAM Manual</refmiscinfo>
+ </refmeta>
+
+ <refnamediv id="pam_userdb-name">
+ <refname>pam_userdb</refname>
+ <refpurpose>PAM module to authenticate against a db database</refpurpose>
+ </refnamediv>
+
+ <refsynopsisdiv>
+ <cmdsynopsis id="pam_userdb-cmdsynopsis">
+ <command>pam_userdb.so</command>
+ <arg choice="plain">
+ db=<replaceable>/path/database</replaceable>
+ </arg>
+ <arg choice="opt">
+ debug
+ </arg>
+ <arg choice="opt">
+ crypt=[crypt|none]
+ </arg>
+ <arg choice="opt">
+ icase
+ </arg>
+ <arg choice="opt">
+ dump
+ </arg>
+ <arg choice="opt">
+ try_first_pass
+ </arg>
+ <arg choice="opt">
+ use_first_pass
+ </arg>
+ <arg choice="opt">
+ unknown_ok
+ </arg>
+ <arg choice="opt">
+ key_only
+ </arg>
+ </cmdsynopsis>
+ </refsynopsisdiv>
+
+ <refsect1 id="pam_userdb-description">
+
+ <title>DESCRIPTION</title>
+
+ <para>
+ The pam_userdb module is used to verify a username/password pair
+ against values stored in a Berkeley DB database. The database is
+ indexed by the username, and the data fields corresponding to the
+ username keys are the passwords.
+ </para>
+ </refsect1>
+
+ <refsect1 id="pam_userdb-options">
+
+ <title>OPTIONS</title>
+ <variablelist>
+ <varlistentry>
+ <term>
+ <option>crypt=[crypt|none]</option>
+ </term>
+ <listitem>
+ <para>
+ Indicates whether encrypted or plaintext passwords are stored
+ in the database. If it is <option>crypt</option>, passwords
+ should be stored in the database in
+ <citerefentry>
+ <refentrytitle>crypt</refentrytitle><manvolnum>3</manvolnum>
+ </citerefentry> form. If <option>none</option> is selected,
+ passwords should be stored in the database as plaintext.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>
+ <option>db=<replaceable>/path/database</replaceable></option>
+ </term>
+ <listitem>
+ <para>
+ Use the <filename>/path/database</filename> database for
+ performing lookup. There is no default; the module will
+ return <emphasis remap='B'>PAM_IGNORE</emphasis> if no
+ database is provided.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>
+ <option>debug</option>
+ </term>
+ <listitem>
+ <para>
+ Print debug information.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>
+ <option>dump</option>
+ </term>
+ <listitem>
+ <para>
+ Dump all the entries in the database to the log.
+ Don't do this by default!
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>
+ <option>icase</option>
+ </term>
+ <listitem>
+ <para>
+ Make the password verification to be case insensitive
+ (ie when working with registration numbers and such).
+ Only works with plaintext password storage.
+ </para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>
+ <option>try_first_pass</option>
+ </term>
+ <listitem>
+ <para>
+ Use the authentication token previously obtained by
+ another module that did the conversation with the
+ application. If this token can not be obtained then
+ the module will try to converse. This option can
+ be used for stacking different modules that need to
+ deal with the authentication tokens.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>
+ <option>use_first_pass</option>
+ </term>
+ <listitem>
+ <para>
+ Use the authentication token previously obtained by
+ another module that did the conversation with the
+ application. If this token can not be obtained then
+ the module will fail. This option can be used for
+ stacking different modules that need to deal with
+ the authentication tokens.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>
+ <option>unknown_ok</option>
+ </term>
+ <listitem>
+ <para>
+ Do not return error when checking for a user that is
+ not in the database. This can be used to stack more
+ than one pam_userdb module that will check a
+ username/password pair in more than a database.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>
+ <option>key_only</option>
+ </term>
+ <listitem>
+ <para>
+ The username and password are concatenated together
+ in the database hash as 'username-password' with a
+ random value. if the concatenation of the username and
+ password with a dash in the middle returns any result,
+ the user is valid. this is useful in cases where
+ the username may not be unique but the username and
+ password pair are.
+ </para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </refsect1>
+
+ <refsect1 id="pam_userdb-services">
+ <title>MODULE SERVICES PROVIDED</title>
+ <para>
+ The services <option>auth</option> and <option>account</option>
+ are supported.
+ </para>
+ </refsect1>
+
+ <refsect1 id='pam_userdb-return_values'>
+ <title>RETURN VALUES</title>
+ <variablelist>
+ <varlistentry>
+ <term>PAM_AUTH_ERR</term>
+ <listitem>
+ <para>Authentication failure.</para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>PAM_AUTHTOK_RECOVERY_ERR</term>
+ <listitem>
+ <para>
+ Authentication information cannot be recovered.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>PAM_BUF_ERR</term>
+ <listitem>
+ <para>
+ Memory buffer error.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>PAM_CONV_ERR</term>
+ <listitem>
+ <para>
+ Conversation failure.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>PAM_SERVICE_ERR</term>
+ <listitem>
+ <para>
+ Error in service module.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>PAM_SUCCESS</term>
+ <listitem>
+ <para>
+ Success.
+ </para>
+ </listitem>
+ </varlistentry>
+ <varlistentry>
+ <term>PAM_USER_UNKNOWN</term>
+ <listitem>
+ <para>
+ User not known to the underlying authentication module.
+ </para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </refsect1>
+
+ <refsect1 id='pam_userdb-examples'>
+ <title>EXAMPLES</title>
+ <programlisting>
+auth sufficient pam_userdb.so icase db=/etc/dbtest.db
+ </programlisting>
+ </refsect1>
+
+ <refsect1 id='pam_userdb-see_also'>
+ <title>SEE ALSO</title>
+ <para>
+ <citerefentry>
+ <refentrytitle>crypt</refentrytitle><manvolnum>3</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>pam.conf</refentrytitle><manvolnum>5</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>pam.d</refentrytitle><manvolnum>8</manvolnum>
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
+ </citerefentry>
+ </para>
+ </refsect1>
+
+ <refsect1 id='pam_userdb-author'>
+ <title>AUTHOR</title>
+ <para>
+ pam_userdb was written by Cristian Gafton &gt;gafton@redhat.com&lt;.
+ </para>
+ </refsect1>
+
+</refentry>
generated by cgit v1.2.3 (git 2.25.1) at 2024-04-18 11:07:32 +0000