This pam module provides the authentication service using an own set of user/password pairs. CONFIGURATION ============= simple PAM config ----------------- Just add/change the config file for service to contain the line: auth required pam_pwdfile.so pwdfile=/path/to/passwd_file If your service does more with PAM than auth there will be a fallback to the service "other". If that is not what you want, you can use pam_permit.so or pam_deny.so for that: account required pam_permit.so session required pam_permit.so password required pam_deny.so options ------- * pwdfile= * debug: produce a bit of debug output * nodelay: don't tell the PAM stack to cause a delay on auth failure * flock: use a shared (read) advisory lock on pwdfile, you should better move new versions into place instead * legacy_crypt: turns on bigcrypt and "broken md5_crypt", you will only need that if you use password hashes from another system that uses those algorithms PASSWORD FILE ============= The password file basically looks like passwd(5): one line for each user with two or more colon-separated fields. First field contains the username, the second the crypt()ed password. Other field are optional. crypt()ed passwords in various formats can be generated with mkpasswd from the whois package.