1 |
the_paya 09/01/22 21:03:18 |
2 |
|
3 |
Added: README.pamd |
4 |
Log: |
5 |
Import of the 7.1 ebuilds from gentoo-bsd overlay. |
6 |
(Portage version: 2.2_rc23/cvs/FreeBSD i386) |
7 |
|
8 |
Revision Changes Path |
9 |
1.1 sys-freebsd/freebsd-pam-modules/files/README.pamd |
10 |
|
11 |
file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/sys-freebsd/freebsd-pam-modules/files/README.pamd?rev=1.1&view=markup |
12 |
plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/sys-freebsd/freebsd-pam-modules/files/README.pamd?rev=1.1&content-type=text/plain |
13 |
|
14 |
Index: README.pamd |
15 |
=================================================================== |
16 |
/etc/pam.d |
17 |
|
18 |
This directory contains configuration files for the Pluggable |
19 |
Authentication Modules (PAM) library. |
20 |
|
21 |
Each file details the module chain for a single service, and must be |
22 |
named after that service. If no configuration file is found for a |
23 |
particular service, the /etc/pam.d/other is used instead. If that |
24 |
file does not exist, /etc/pam.conf is searched for entries matching |
25 |
the specified service or, failing that, the "other" service. |
26 |
|
27 |
See the pam(8) manual page for an explanation of the workings of the |
28 |
PAM library and descriptions of the various files and modules. Below |
29 |
is a summary of the format for the pam.conf and /etc/pam.d/* files. |
30 |
|
31 |
Configuration lines take the following form: |
32 |
|
33 |
module-type control-flag module-path arguments |
34 |
|
35 |
Comments are introduced with a hash mark ('#'). Blank lines and lines |
36 |
consisting entirely of comments are ignored. |
37 |
|
38 |
The meanings of the different fields are as follows: |
39 |
|
40 |
module-type: |
41 |
auth: prompt for a password to authenticate that the user is |
42 |
who they say they are, and set any credentials. |
43 |
account: non-authentication based authorization, based on time, |
44 |
resources, etc. |
45 |
session: housekeeping before and/or after login. |
46 |
password: update authentication tokens. |
47 |
|
48 |
control-flag: How libpam handles success or failure of the module. |
49 |
required: success is required; on failure all remaining |
50 |
modules are run, but the request will be denied. |
51 |
requisite: success is required, and on failure no remaining |
52 |
modules are run. |
53 |
sufficient: success is sufficient, and if no previous required |
54 |
module failed, no remaining modules are run. |
55 |
binding: success is sufficient; on failure all remaining |
56 |
modules are run, but the request will be denied. |
57 |
optional: ignored unless the other modules return PAM_IGNORE. |
58 |
|
59 |
arguments: Module-specific options, plus some generic ones: |
60 |
debug: syslog debug info. |
61 |
no_warn: return no warning messages to the application. |
62 |
Remove this to feed back to the user the |
63 |
reason(s) they are being rejected. |
64 |
use_first_pass: try authentication using password from the |
65 |
preceding auth module. |
66 |
try_first_pass: first try authentication using password from |
67 |
the preceding auth module, and if that fails |
68 |
prompt for a new password. |
69 |
use_mapped_pass: convert cleartext password to a crypto key. |
70 |
expose_account: allow printing more info about the user when |
71 |
prompting. |
72 |
|
73 |
Note that having a "sufficient" module as the last entry for a |
74 |
particular service and module type may result in surprising behaviour. |
75 |
To get the intended semantics, add a "required" entry listing the |
76 |
pam_deny module at the end of the chain. |
77 |
|
78 |
$Header: /var/cvsroot/gentoo-x86/sys-freebsd/freebsd-pam-modules/files/README.pamd,v 1.1 2009/01/22 21:03:18 the_paya Exp $ |