#
# $Id: README,v 1.7 1997/02/15 19:07:08 morgan Exp $
#
# This describes the behavior of this module with respect to the
# /etc/pam.conf file.
#
# writen by Andrew Morgan <morgan@parc.power.net>
#
This module recognizes the following arguments.
debug put lots of information in syslog.
*NOTE* this option writes passwords to syslog, so
don't use anything sensitive when testing.
no_warn don't give warnings about things (otherwise warnings are issued
via the conversation function)
use_first_pass don't prompt for a password, for pam_sm_authentication
function just use item PAM_AUTHTOK.
try_first_pass don't prompt for a password unless there has been no
previous authentication token (item PAM_AUTHTOK is NULL)
rootok This is intended for the pam_sm_chauthtok function and
it instructs this function to permit root to change
the user's password without entering the old password.
The following arguments are acted on by the module. They are intended
to make the module give the impression of failing as a fully
functioning module might.
expired an argument intended for the account and chauthtok module
parts. It instructs the module to act as if the user's
password has expired
fail_1 this instructs the module to make its first function fail.
fail_2 this instructs the module to make its second function (if there
is one) fail.
The function break up is indicated in the Module
Developers' Guide. Listed here it is:
service function 1 function 2
------- ---------- ----------
auth pam_sm_authenticate pam_sm_setcred
password pam_sm_chauthtok
session pam_sm_open_session pam_sm_close_session
account pam_sm_acct_mgmt
prelim for pam_sm_chauthtok, means fail on PAM_PRELIM_CHECK.
required for pam_sm_chauthtok, means fail if the user hasn't already
been authenticated by this module. (See stress_new_pwd data
item below.)
#
# data strings that this module uses are the following:
#
data name value(s) Comments
--------- -------- --------
stress_new_pwd yes tells pam_sm_chauthtok that
pam_sm_acct_mgmt says we need a new
password