1PAM_USERDB(8)                  Linux-PAM Manual                  PAM_USERDB(8)
2
3
4

NAME

6       pam_userdb - PAM module to authenticate against a db database
7

SYNOPSIS

9       pam_userdb.so db=/path/database [debug] [crypt=[crypt|none]] [icase]
10                     [dump] [try_first_pass] [use_first_pass] [unknown_ok]
11                     [key_only]
12

DESCRIPTION

14       The pam_userdb module is used to verify a username/password pair
15       against values stored in a Berkeley DB database. The database is
16       indexed by the username, and the data fields corresponding to the
17       username keys are the passwords.
18

OPTIONS

20       crypt=[crypt|none]
21          Indicates whether encrypted or plaintext passwords are stored in the
22          database. If it is crypt, passwords should be stored in the database
23          in crypt(3) form. If none is selected, passwords should be stored in
24          the database as plaintext.
25
26       db=/path/database
27          Use the /path/database database for performing lookup. There is no
28          default; the module will return PAM_IGNORE if no database is
29          provided.
30
31       debug
32          Print debug information.
33
34       dump
35          Dump all the entries in the database to the log. Don't do this by
36          default!
37
38       icase
39          Make the password verification to be case insensitive (ie when
40          working with registration numbers and such). Only works with
41          plaintext password storage.
42
43       try_first_pass
44          Use the authentication token previously obtained by another module
45          that did the conversation with the application. If this token can
46          not be obtained then the module will try to converse. This option
47          can be used for stacking different modules that need to deal with
48          the authentication tokens.
49
50       use_first_pass
51          Use the authentication token previously obtained by another module
52          that did the conversation with the application. If this token can
53          not be obtained then the module will fail. This option can be used
54          for stacking different modules that need to deal with the
55          authentication tokens.
56
57       unknown_ok
58          Do not return error when checking for a user that is not in the
59          database. This can be used to stack more than one pam_userdb module
60          that will check a username/password pair in more than a database.
61
62       key_only
63          The username and password are concatenated together in the database
64          hash as 'username-password' with a random value. if the
65          concatenation of the username and password with a dash in the middle
66          returns any result, the user is valid. this is useful in cases where
67          the username may not be unique but the username and password pair
68          are.
69

MODULE SERVICES PROVIDED

71       The services auth and account are supported.
72

RETURN VALUES

74       PAM_AUTH_ERR
75          Authentication failure.
76
77       PAM_AUTHTOK_RECOVERY_ERR
78          Authentication information cannot be recovered.
79
80       PAM_BUF_ERR
81          Memory buffer error.
82
83       PAM_CONV_ERR
84          Conversation failure.
85
86       PAM_SERVICE_ERR
87          Error in service module.
88
89       PAM_SUCCESS
90          Success.
91
92       PAM_USER_UNKNOWN
93          User not known to the underlying authentication module.
94

EXAMPLES

96          auth  sufficient pam_userdb.so icase db=/etc/dbtest.db
97
98

SEE ALSO

100       crypt(3), pam.conf(5), pam.d(8), pam(8)
101

AUTHOR

103       pam_userdb was written by Cristian Gafton >gafton@redhat.com<.
104
105
106
107Linux-PAM Manual                  06/07/2006                     PAM_USERDB(8)
Impressum