blob: 4f420855cded84e5ed6cf88a83d7e5d42db50e25 (plain
This is the pam_unix module. It has been significantly rewritten since
.51 was released (due mostly to the efforts of Cristian Gafton), and
now takes more options and correctly updates vanilla UNIX/shadow/md5
[Please read the source and make a note of all the warnings there, as
the license suggests -- use at your own risk.]
So far as I am concerned this module is now pretty stable. If you find
any bugs, PLEASE tell me! <email@example.com>
Options recognized by this module are as follows:
debug - log more debugging info
audit - a little more extreme than debug
use_first_pass - don't prompt the user for passwords
take them from PAM_ items instead
try_first_pass - don't prompt the user for the passwords
unless PAM_(OLD)AUTHTOK is unset
use_authtok - like try_first_pass, but *fail* if the new
PAM_AUTHTOK has not been previously set.
(intended for stacking password modules only)
not_set_pass - don't set the PAM_ items with the passwords
used by this module.
shadow - try to maintian a shadow based system.
unix - when changing passwords, they are placed
in the /etc/passwd file
md5 - when a user changes their password next,
encrypt it with the md5 algorithm.
bigcrypt - when a user changes their password next,
excrypt it with the DEC C2-algorithm(0).
nodelay - used to prevent failed authentication
resulting in a delay of about 1 second.
There is some support for building a shadow file on-the-fly from an
/etc/passwd file. This is VERY alpha. If you want to play with it you
should read the source to find the appropriate #define that you will
Andrew Morgan <firstname.lastname@example.org>