summaryrefslogtreecommitdiff
path: root/README
blob: 32b005d1d43a1d82b8b804bae2a277c0d897e099 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
This pam module provides the authentication service using an own set of user/password pairs.

CONFIGURATION
=============

simple PAM config
-----------------

Just add/change the config file for service to contain the line:

auth		required	pam_pwdfile.so pwdfile=/path/to/passwd_file

If your service does more with PAM than auth there will be a fallback to the service "other".
If that is not what you want, you can use pam_permit.so or pam_deny.so for that:

account		required	pam_permit.so
session		required	pam_permit.so
password	required	pam_deny.so


options
-------

* pwdfile=<file>
* debug: produce a bit of debug output
* nodelay: don't tell the PAM stack to cause a delay on auth failure
* flock: use a shared (read) advisory lock on pwdfile, you should better move new versions into place instead
* legacy_crypt: turns on bigcrypt and "broken md5_crypt", you will only need that if you use password hashes from another system that uses those algorithms


PASSWORD FILE
=============

The password file basically looks like passwd(5): one line for each user with two or more colon-separated fields.
First field contains the username, the second the crypt()ed password.
Other fields are optional.

crypt()ed passwords in various formats can be generated with mkpasswd from the whois package.