blob: 4f420855cded84e5ed6cf88a83d7e5d42db50e25 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
|
This is the pam_unix module. It has been significantly rewritten since
.51 was released (due mostly to the efforts of Cristian Gafton), and
now takes more options and correctly updates vanilla UNIX/shadow/md5
passwords.
[Please read the source and make a note of all the warnings there, as
the license suggests -- use at your own risk.]
So far as I am concerned this module is now pretty stable. If you find
any bugs, PLEASE tell me! <morgan@linux.kernel.org>
Options recognized by this module are as follows:
debug - log more debugging info
audit - a little more extreme than debug
use_first_pass - don't prompt the user for passwords
take them from PAM_ items instead
try_first_pass - don't prompt the user for the passwords
unless PAM_(OLD)AUTHTOK is unset
use_authtok - like try_first_pass, but *fail* if the new
PAM_AUTHTOK has not been previously set.
(intended for stacking password modules only)
not_set_pass - don't set the PAM_ items with the passwords
used by this module.
shadow - try to maintian a shadow based system.
unix - when changing passwords, they are placed
in the /etc/passwd file
md5 - when a user changes their password next,
encrypt it with the md5 algorithm.
bigcrypt - when a user changes their password next,
excrypt it with the DEC C2-algorithm(0).
nodelay - used to prevent failed authentication
resulting in a delay of about 1 second.
There is some support for building a shadow file on-the-fly from an
/etc/passwd file. This is VERY alpha. If you want to play with it you
should read the source to find the appropriate #define that you will
need.
---------------------
Andrew Morgan <morgan@linux.kernel.org>
|