diff options
Diffstat (limited to 'README')
-rw-r--r-- | README | 60 |
1 files changed, 60 insertions, 0 deletions
@@ -1,3 +1,5 @@ +-*- fill-column: 80 -*- + nss-pam-ldapd - NSS and PAM libraries for name lookups and authentication using LDAP @@ -34,6 +36,64 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA +PAM OPTIONS +=========== + +Options affecting libpam:pam_get_authtok(3): +pam_sm_authenticate +pam_sm_chauthtok + + +use_first_pass + + The argument use_first_pass forces the module to use a previous stacked + modules password and will never prompt the user - if no password is + available or the password is not appropriate, the user will be denied + access. + +try_first_pass + + Before prompting the user for their password, the module first tries the + previous stacked module's password in case that satisfies this module as + well. + +use_authtok + + When password changing enforce the module to use the new password provided + by a previously stacked password module (this is used in the example of the + stacking of the pam_cracklib module documented below). + +Options (only?) affecting pam_ldap.so itself: + +nullok + + The default action of this module is to not permit the user access to a + service if their official password is blank. The nullok argument overrides + this default. + +no_warn + + Do not print messages with pam_error(3). + +ignore_unknown_user + + Return PAM_IGNORE instead of PAM_USER_UNKNOWN in the event of an unknown + user. + +ignore_authoinfo_unavail + + Return PAM_IGNORE instead of PAM_AUTHINFO_UNAVAIL. + +debug + + Turns on debugging via syslog(3). + +minimum_uid=<UID> + + By default, this module works for all user ID numbers. The minimum_uid= + option sets a minumum UID to answer for. Requests for a UID lower than + minimum_uid= will result PAM_UNKNOWN_USER being returned (or PAM_IGNORE if + ignore_uknown_user is set). INTRODUCTION ============ |