From 98713a7b959ff3dd7197e3718b3002635c4e975d Mon Sep 17 00:00:00 2001 From: Charl Botha Date: Mon, 22 May 2000 20:55:34 +0000 Subject: Release 0.2 version. --- README | 21 ++++++++++++++++----- 1 file changed, 16 insertions(+), 5 deletions(-) (limited to 'README') diff --git a/README b/README index 4934098..3d65e7c 100644 --- a/README +++ b/README @@ -1,8 +1,8 @@ README for pam_pwdfile PAM module - Charl P. Botha -$Id: README,v 1.1.1.1 1999-08-05 13:09:07 cpbotha Exp $ +$Id: README,v 1.2 2000-05-22 20:55:34 cpbotha Exp $ --------------------------------------------------------------------------- -Let's say that this is version 0.1 of pam_pwdfile. +This is version 0.2 of pam_pwdfile. This pam module can be used for the authentication service only, in cases where one wants to use a different set of passwords than those in the main @@ -10,14 +10,21 @@ system password database. E.g. in our case we have an imap server running, and prefer to keep the imap passwords different from the system passwords for security reasons. -The /etc/pam.d/imap looks like this: +The /etc/pam.d/imap looks like this (e.g.) #%PAM-1.0 auth required /lib/security/pam_pwdfile.so pwdfile /etc/imap.passwd account required /lib/security/pam_pwdb.so At the moment the only parameters that pam_pwdfile.so parses for is "pwdfile", followed by the name of the ASCII password database, as in the -above example. +above example. Also, thanks to Jacob Schroeder , +pam_pwdfile now supports password file locking. Adding an "flock" parameter +activates this feature: pam_pwdfile uses and honours flock() file locking on +the specified password file. Specifying "noflock" or no flock-type +parameter at all deactivates this feature. + +Example: +auth required /lib/security/pam_pwdfile.so pwdfile /etc/blah.passwd flock The ASCII password file is simply a list of lines, each looking like this: username:crypted_passwd[13] 
@@ -25,6 +32,10 @@ username:crypted_passwd[13] Note that we still expect users to have accounts in the usual place, as we make use of the pam_pwdb.so module for the account service. This module is just so that one can have multiple sets of passwords for different services, -e.g. with our /etc/imap.passwd. +e.g. with our /etc/imap.passwd. It is however possible with certain +applications patched for pam (Cyrus IMAP server e.g.) that one does not need +the users to exist in the system database. These files have been created for inclusion into the PAM source tree. +Thanks to Michael-John Turner pam_pwdfile is available as a +debian package (libpam-pwdfile) from potato onwards. -- cgit v1.2.3
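Review bot: in the hunk at @@ -10,14 +10,21 @@, the unchanged sentence 'At the moment the only parameters that pam_pwdfile.so parses for is "pwdfile"' now contradicts the text added right after it, which documents "flock" and "noflock" as parameters too. Reword that sentence to list all three parameters instead of appending "Also, ...", and state in it that locking is off by default, since that default is currently only implied by 'Specifying "noflock" or no flock-type parameter at all deactivates this feature'. Because flock() locks are advisory, the README should also say that whatever program rewrites the password file has to take the same lock for the "flock" option to have any effect. The new example line uses /etc/blah.passwd while the earlier example uses /etc/imap.passwd; using the same path in both would make it clearer that only the trailing "flock" differs.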
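Review bot: in the hunk at @@ -25,6 +32,10 @@, the added sentence 'It is however possible with certain applications patched for pam (Cyrus IMAP server e.g.) that one does not need the users to exist in the system database' sits directly after the unchanged 'we still expect users to have accounts in the usual place, as we make use of the pam_pwdb.so module for the account service', and the example /etc/pam.d/imap earlier in the README still has 'account required /lib/security/pam_pwdb.so'. A reader cannot tell from this what the account line should look like in the setup without system accounts, or what performs the account check there. Either show the PAM configuration for that case or say explicitly that the example configuration as given still requires system accounts.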