1PAM_USERDB(8) Linux-PAM Manual PAM_USERDB(8)
2
6 pam_userdb - PAM module to authenticate against a db database
7
9 pam_userdb.so db=/path/database [debug] [crypt=[crypt|none]] [icase]
10 [dump] [try_first_pass] [use_first_pass] [unknown_ok]
11 [key_only]
12
14 The pam_userdb module is used to verify a username/password pair
15 against values stored in a Berkeley DB database. The database is
16 indexed by the username, and the data fields corresponding to the
17 username keys are the passwords.
18
20 crypt=[crypt|none]
21 Indicates whether encrypted or plaintext passwords are stored in
22 the database. If it is crypt, passwords should be stored in the
23 database in crypt(3) form. If none is selected, passwords should be
24 stored in the database as plaintext.
25 db=/path/database
27 Use the /path/database database for performing lookup. There is no
28 default; the module will return PAM_IGNORE if no database is
29 provided. Note that the path to the database file should be
30 specified without the .db suffix.
31 debug
33 Print debug information. Note that password hashes, both from db
34 and computed, will be printed to syslog.
35 dump
37 Dump all the entries in the database to the log. Don't do this by
38 default!
39 icase
41 Make the password verification to be case insensitive (ie when
42 working with registration numbers and such). Only works with
43 plaintext password storage.
44 try_first_pass
46 Use the authentication token previously obtained by another module
47 that did the conversation with the application. If this token can
48 not be obtained then the module will try to converse. This option
49 can be used for stacking different modules that need to deal with
50 the authentication tokens.
51 use_first_pass
53 Use the authentication token previously obtained by another module
54 that did the conversation with the application. If this token can
55 not be obtained then the module will fail. This option can be used
56 for stacking different modules that need to deal with the
57 authentication tokens.
58 unknown_ok
60 Do not return error when checking for a user that is not in the
61 database. This can be used to stack more than one pam_userdb module
62 that will check a username/password pair in more than a database.
63 key_only
65 The username and password are concatenated together in the database
66 hash as 'username-password' with a random value. if the
67 concatenation of the username and password with a dash in the
68 middle returns any result, the user is valid. this is useful in
69 cases where the username may not be unique but the username and
70 password pair are.
71
73 The auth and account module types are provided.
74
76 PAM_AUTH_ERR
77 Authentication failure.
78 PAM_AUTHTOK_RECOVERY_ERR
80 Authentication information cannot be recovered.
81 PAM_BUF_ERR
83 Memory buffer error.
84 PAM_CONV_ERR
86 Conversation failure.
87 PAM_SERVICE_ERR
89 Error in service module.
90 PAM_SUCCESS
92 Success.
93 PAM_USER_UNKNOWN
95 User not known to the underlying authentication module.
96
98 auth sufficient pam_userdb.so icase db=/etc/dbtest
99
102 crypt(3), pam.conf(5), pam.d(5), pam(8)
103
105 pam_userdb was written by Cristian Gafton >gafton@redhat.com<.
106Linux-PAM Manual 09/03/2021 PAM_USERDB(8)