blob: 32b005d1d43a1d82b8b804bae2a277c0d897e099 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
|
This pam module provides the authentication service using an own set of user/password pairs.
CONFIGURATION
=============
simple PAM config
-----------------
Just add/change the config file for service to contain the line:
auth required pam_pwdfile.so pwdfile=/path/to/passwd_file
If your service does more with PAM than auth there will be a fallback to the service "other".
If that is not what you want, you can use pam_permit.so or pam_deny.so for that:
account required pam_permit.so
session required pam_permit.so
password required pam_deny.so
options
-------
* pwdfile=<file>
* debug: produce a bit of debug output
* nodelay: don't tell the PAM stack to cause a delay on auth failure
* flock: use a shared (read) advisory lock on pwdfile, you should better move new versions into place instead
* legacy_crypt: turns on bigcrypt and "broken md5_crypt", you will only need that if you use password hashes from another system that uses those algorithms
PASSWORD FILE
=============
The password file basically looks like passwd(5): one line for each user with two or more colon-separated fields.
First field contains the username, the second the crypt()ed password.
Other fields are optional.
crypt()ed passwords in various formats can be generated with mkpasswd from the whois package.
|