1PAM_USERDB(8) Linux-PAM Manual PAM_USERDB(8)
2
3
4
6 pam_userdb - PAM module to authenticate against a db database
7
9 pam_userdb.so db=/path/database [debug] [crypt=[crypt|none]] [icase]
10 [dump] [try_first_pass] [use_first_pass] [unknown_ok]
11 [key_only]
12
14 The pam_userdb module is used to verify a username/password pair
15 against values stored in a Berkeley DB database. The database is
16 indexed by the username, and the data fields corresponding to the
17 username keys are the passwords.
18
20 crypt=[crypt|none]
21 Indicates whether encrypted or plaintext passwords are stored in
22 the database. If it is crypt, passwords should be stored in the
23 database in crypt(3) form. If none is selected, passwords should be
24 stored in the database as plaintext.
25
26 db=/path/database
27 Use the /path/database database for performing lookup. There is no
28 default; the module will return PAM_IGNORE if no database is
29 provided. Note that the path to the database file should be
30 specified without the .db suffix.
31
32 debug
33 Print debug information.
34
35 dump
36 Dump all the entries in the database to the log. Don't do this by
37 default!
38
39 icase
40 Make the password verification to be case insensitive (ie when
41 working with registration numbers and such). Only works with
42 plaintext password storage.
43
44 try_first_pass
45 Use the authentication token previously obtained by another module
46 that did the conversation with the application. If this token can
47 not be obtained then the module will try to converse. This option
48 can be used for stacking different modules that need to deal with
49 the authentication tokens.
50
51 use_first_pass
52 Use the authentication token previously obtained by another module
53 that did the conversation with the application. If this token can
54 not be obtained then the module will fail. This option can be used
55 for stacking different modules that need to deal with the
56 authentication tokens.
57
58 unknown_ok
59 Do not return error when checking for a user that is not in the
60 database. This can be used to stack more than one pam_userdb module
61 that will check a username/password pair in more than a database.
62
63 key_only
64 The username and password are concatenated together in the database
65 hash as 'username-password' with a random value. if the
66 concatenation of the username and password with a dash in the
67 middle returns any result, the user is valid. this is useful in
68 cases where the username may not be unique but the username and
69 password pair are.
70
72 The auth and account module types are provided.
73
75 PAM_AUTH_ERR
76 Authentication failure.
77
78 PAM_AUTHTOK_RECOVERY_ERR
79 Authentication information cannot be recovered.
80
81 PAM_BUF_ERR
82 Memory buffer error.
83
84 PAM_CONV_ERR
85 Conversation failure.
86
87 PAM_SERVICE_ERR
88 Error in service module.
89
90 PAM_SUCCESS
91 Success.
92
93 PAM_USER_UNKNOWN
94 User not known to the underlying authentication module.
95
97 auth sufficient pam_userdb.so icase db=/etc/dbtest
98
99
101 crypt(3), pam.conf(5), pam.d(5), pam(8)
102
104 pam_userdb was written by Cristian Gafton >gafton@redhat.com<.
105
106
107
108Linux-PAM Manual 06/08/2020 PAM_USERDB(8)