aboutsummaryrefslogtreecommitdiff
path: root/README
diff options
context:
space:
mode:
Diffstat (limited to 'README')
-rw-r--r--README21
1 files changed, 16 insertions, 5 deletions
diff --git a/README b/README
index 4934098..3d65e7c 100644
--- a/README
+++ b/README
@@ -1,8 +1,8 @@
README for pam_pwdfile PAM module - Charl P. Botha <cpbotha@ieee.org>
-$Id: README,v 1.1.1.1 1999-08-05 13:09:07 cpbotha Exp $
+$Id: README,v 1.2 2000-05-22 20:55:34 cpbotha Exp $
---------------------------------------------------------------------------
-Let's say that this is version 0.1 of pam_pwdfile.
+This is version 0.2 of pam_pwdfile.
This pam module can be used for the authentication service only, in cases
where one wants to use a different set of passwords than those in the main
@@ -10,14 +10,21 @@ system password database. E.g. in our case we have an imap server running,
and prefer to keep the imap passwords different from the system passwords
for security reasons.
-The /etc/pam.d/imap looks like this:
+The /etc/pam.d/imap looks like this (e.g.)
#%PAM-1.0
auth required /lib/security/pam_pwdfile.so pwdfile /etc/imap.passwd
account required /lib/security/pam_pwdb.so
At the moment the only parameters that pam_pwdfile.so parses for is
"pwdfile", followed by the name of the ASCII password database, as in the
-above example.
+above example. Also, thanks to Jacob Schroeder <jacob@quantec.de>,
+pam_pwdfile now supports password file locking. Adding an "flock" parameter
+activates this feature: pam_pwdfile uses and honours flock() file locking on
+the specified password file. Specifying "noflock" or no flock-type
+parameter at all deactivates this feature.
+
+Example:
+auth required /lib/security/pam_pwdfile.so pwdfile /etc/blah.passwd flock
The ASCII password file is simply a list of lines, each looking like this:
username:crypted_passwd[13]
@@ -25,6 +32,10 @@ username:crypted_passwd[13]
Note that we still expect users to have accounts in the usual place, as we
make use of the pam_pwdb.so module for the account service. This module is
just so that one can have multiple sets of passwords for different services,
-e.g. with our /etc/imap.passwd.
+e.g. with our /etc/imap.passwd. It is however possible with certain
+applications patched for pam (Cyrus IMAP server e.g.) that one does not need
+the users to exist in the system database.
These files have been created for inclusion into the PAM source tree.
+Thanks to Michael-John Turner <mj@debian.org> pam_pwdfile is available as a
+debian package (libpam-pwdfile) from potato onwards.