| 1 |
the_paya 09/01/22 21:03:18 |
| 2 |
|
| 3 |
Added: README.pamd |
| 4 |
Log: |
| 5 |
Import of the 7.1 ebuilds from gentoo-bsd overlay. |
| 6 |
(Portage version: 2.2_rc23/cvs/FreeBSD i386) |
| 7 |
|
| 8 |
Revision Changes Path |
| 9 |
1.1 sys-freebsd/freebsd-pam-modules/files/README.pamd |
| 10 |
|
| 11 |
file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/sys-freebsd/freebsd-pam-modules/files/README.pamd?rev=1.1&view=markup |
| 12 |
plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/sys-freebsd/freebsd-pam-modules/files/README.pamd?rev=1.1&content-type=text/plain |
| 13 |
|
| 14 |
Index: README.pamd |
| 15 |
=================================================================== |
| 16 |
/etc/pam.d |
| 17 |
|
| 18 |
This directory contains configuration files for the Pluggable |
| 19 |
Authentication Modules (PAM) library. |
| 20 |
|
| 21 |
Each file details the module chain for a single service, and must be |
| 22 |
named after that service. If no configuration file is found for a |
| 23 |
particular service, the /etc/pam.d/other is used instead. If that |
| 24 |
file does not exist, /etc/pam.conf is searched for entries matching |
| 25 |
the specified service or, failing that, the "other" service. |
| 26 |
|
| 27 |
See the pam(8) manual page for an explanation of the workings of the |
| 28 |
PAM library and descriptions of the various files and modules. Below |
| 29 |
is a summary of the format for the pam.conf and /etc/pam.d/* files. |
| 30 |
|
| 31 |
Configuration lines take the following form: |
| 32 |
|
| 33 |
module-type control-flag module-path arguments |
| 34 |
|
| 35 |
Comments are introduced with a hash mark ('#'). Blank lines and lines |
| 36 |
consisting entirely of comments are ignored. |
| 37 |
|
| 38 |
The meanings of the different fields are as follows: |
| 39 |
|
| 40 |
module-type: |
| 41 |
auth: prompt for a password to authenticate that the user is |
| 42 |
who they say they are, and set any credentials. |
| 43 |
account: non-authentication based authorization, based on time, |
| 44 |
resources, etc. |
| 45 |
session: housekeeping before and/or after login. |
| 46 |
password: update authentication tokens. |
| 47 |
|
| 48 |
control-flag: How libpam handles success or failure of the module. |
| 49 |
required: success is required; on failure all remaining |
| 50 |
modules are run, but the request will be denied. |
| 51 |
requisite: success is required, and on failure no remaining |
| 52 |
modules are run. |
| 53 |
sufficient: success is sufficient, and if no previous required |
| 54 |
module failed, no remaining modules are run. |
| 55 |
binding: success is sufficient; on failure all remaining |
| 56 |
modules are run, but the request will be denied. |
| 57 |
optional: ignored unless the other modules return PAM_IGNORE. |
| 58 |
|
| 59 |
arguments: Module-specific options, plus some generic ones: |
| 60 |
debug: syslog debug info. |
| 61 |
no_warn: return no warning messages to the application. |
| 62 |
Remove this to feed back to the user the |
| 63 |
reason(s) they are being rejected. |
| 64 |
use_first_pass: try authentication using password from the |
| 65 |
preceding auth module. |
| 66 |
try_first_pass: first try authentication using password from |
| 67 |
the preceding auth module, and if that fails |
| 68 |
prompt for a new password. |
| 69 |
use_mapped_pass: convert cleartext password to a crypto key. |
| 70 |
expose_account: allow printing more info about the user when |
| 71 |
prompting. |
| 72 |
|
| 73 |
Note that having a "sufficient" module as the last entry for a |
| 74 |
particular service and module type may result in surprising behaviour. |
| 75 |
To get the intended semantics, add a "required" entry listing the |
| 76 |
pam_deny module at the end of the chain. |
| 77 |
|
| 78 |
$Header: /var/cvsroot/gentoo-x86/sys-freebsd/freebsd-pam-modules/files/README.pamd,v 1.1 2009/01/22 21:03:18 the_paya Exp $ |
Archives