/[gentoo-alt]/trunk/sys-libs/freebsd-pam-modules/files/5.4/README.pamd
Gentoo

Contents of /trunk/sys-libs/freebsd-pam-modules/files/5.4/README.pamd

Parent Directory Parent Directory | Revision Log Revision Log


Revision 388 - (show annotations) (download)
Mon May 23 10:39:51 2005 UTC (9 years, 4 months ago) by flameeyes
File size: 2850 byte(s)
New revision, this time installs correctly (pamd, not envd). Pam.d files are in $FILESDIR instead than in an external tarball, as they are quite less than before.

1 /etc/pam.d
2
3 This directory contains configuration files for the Pluggable
4 Authentication Modules (PAM) library.
5
6 Each file details the module chain for a single service, and must be
7 named after that service. If no configuration file is found for a
8 particular service, the /etc/pam.d/other is used instead. If that
9 file does not exist, /etc/pam.conf is searched for entries matching
10 the specified service or, failing that, the "other" service.
11
12 See the pam(8) manual page for an explanation of the workings of the
13 PAM library and descriptions of the various files and modules. Below
14 is a summary of the format for the pam.conf and /etc/pam.d/* files.
15
16 Configuration lines take the following form:
17
18 module-type control-flag module-path arguments
19
20 Comments are introduced with a hash mark ('#'). Blank lines and lines
21 consisting entirely of comments are ignored.
22
23 The meanings of the different fields are as follows:
24
25 module-type:
26 auth: prompt for a password to authenticate that the user is
27 who they say they are, and set any credentials.
28 account: non-authentication based authorization, based on time,
29 resources, etc.
30 session: housekeeping before and/or after login.
31 password: update authentication tokens.
32
33 control-flag: How libpam handles success or failure of the module.
34 required: success is required; on failure all remaining
35 modules are run, but the request will be denied.
36 requisite: success is required, and on failure no remaining
37 modules are run.
38 sufficient: success is sufficient, and if no previous required
39 module failed, no remaining modules are run.
40 binding: success is sufficient; on failure all remaining
41 modules are run, but the request will be denied.
42 optional: ignored unless the other modules return PAM_IGNORE.
43
44 arguments: Module-specific options, plus some generic ones:
45 debug: syslog debug info.
46 no_warn: return no warning messages to the application.
47 Remove this to feed back to the user the
48 reason(s) they are being rejected.
49 use_first_pass: try authentication using password from the
50 preceding auth module.
51 try_first_pass: first try authentication using password from
52 the preceding auth module, and if that fails
53 prompt for a new password.
54 use_mapped_pass: convert cleartext password to a crypto key.
55 expose_account: allow printing more info about the user when
56 prompting.
57
58 Note that having a "sufficient" module as the last entry for a
59 particular service and module type may result in surprising behaviour.
60 To get the intended semantics, add a "required" entry listing the
61 pam_deny module at the end of the chain.
62
63 $Header$

Properties

Name Value
svn:eol-style native
svn:keywords Author Date Id Revision

  ViewVC Help
Powered by ViewVC 1.1.20