blob: afeee3dad678d9fc1910a016f36127d4918c9c6c (plain
pam_unix comes as one module pam_unix.so.
The following links are left for compatibility with old versions:
pam_unix_auth: authentication module providing
pam_authenticate() and pam_setcred() hooks
pam_unix_sess: session module, providing session logging
pam_unix_acct: account management, providing shadow account
managment features, password aging etc..
pam_unix_passwd: password updating facilities providing
cracklib password strength checking facilities.
The following options are recognized:
debug - log more debugging info
audit - a little more extreme than debug
use_first_pass - don't prompt the user for passwords
take them from PAM_ items instead
try_first_pass - don't prompt the user for the passwords
unless PAM_(OLD)AUTHTOK is unset
use_authtok - like try_first_pass, but * fail * if the new
PAM_AUTHTOK has not been previously set.
(intended for stacking password modules only)
not_set_pass - don't set the PAM_ items with the passwords
used by this module.
shadow - try to maintian a shadow based system.
md5 - when a user changes their password next,
encrypt it with the md5 algorithm.
bigcrypt - when a user changes their password next,
excrypt it with the DEC C2 - algorithm(0).
nodelay - used to prevent failed authentication
resulting in a delay of about 1 second.
nis - use NIS RPC for setting new password
remember=X - remember X old passwords, they are kept in
/etc/security/opasswd in MD5 crypted form
broken_shadow - ignore errors reading shadow information for
users in the account management module
invalid arguments are logged to syslog.