1pam_ldap(8)                 System Manager's Manual                pam_ldap(8)
2
3
4

NAME

6       pam_ldap - PAM module for LDAP-based authentication
7

SYNOPSIS

9       pam_ldap.so [...]
10

DESCRIPTION

12       This  is  a  PAM  module that uses an LDAP server to verify user access
13       rights and credentials.
14

OPTIONS

16       use_first_pass
17              Specifies that the PAM module should use the first password pro‐
18              vided  in the authentication stack and not prompt the user for a
19              password.
20
21       try_first_pass
22              Specifies that the PAM module should use the first password pro‐
23              vided  in  the authentication stack and if that fails prompt the
24              user for a password.
25
26       nullok Specifying this option allows users to log in with a blank pass‐
27              word.  Normally logins without a password are denied.
28
29       ignore_unknown_user
30              Specifies that the PAM module should return PAM_IGNORE for users
31              that are not present in the LDAP directory.  This causes the PAM
32              framework to ignore this module.
33
34       ignore_authinfo_unavail
35              Specifies  that  the  PAM  module should return PAM_IGNORE if it
36              cannot contact the LDAP server.  This causes the  PAM  framework
37              to ignore this module.
38
39       no_warn
40              Specifies  that warning messages should not be propagated to the
41              PAM application.
42
43       use_authtok
44              This causes the PAM module to use the earlier provided  password
45              when  changing the password. The module will not prompt the user
46              for a new password (it is analogous to use_first_pass).
47
48       debug  This option causes the PAM module to log  debugging  information
49              to syslog(3).
50
51       minimum_uid=UID
52              This option causes the PAM module to ignore the user if the user
53              id is lower than the specified value. This can be used to bypass
54              LDAP checks for system users (e.g. by setting it to 1000).
55

MODULE SERVICES PROVIDED

57       All services are provided by this module but currently sessions changes
58       are not implemented in the nslcd daemon.
59

FILES

61       /etc/pam.conf
62              the main PAM configuration file
63
64       /etc/nslcd.conf
65              The configuration file for the nslcd daemon (see nslcd.conf(5))
66

SEE ALSO

68       pam.conf(5), nslcd(8), nslcd.conf(5)
69

AUTHOR

71       This manual was written by Arthur de Jong <arthur@arthurdejong.org>.
72
73
74
75Version 0.9.9                      Feb 2018                        pam_ldap(8)
Impressum