67 lines
2.1 KiB
Plaintext
67 lines
2.1 KiB
Plaintext
#
|
|
# $Id: README,v 1.7 1997/02/15 19:07:08 morgan Exp $
|
|
#
|
|
# This describes the behavior of this module with respect to the
|
|
# /etc/pam.conf file.
|
|
#
|
|
# writen by Andrew Morgan <morgan@parc.power.net>
|
|
#
|
|
|
|
This module recognizes the following arguments.
|
|
|
|
debug put lots of information in syslog.
|
|
*NOTE* this option writes passwords to syslog, so
|
|
don't use anything sensitive when testing.
|
|
|
|
no_warn don't give warnings about things (otherwise warnings are issued
|
|
via the conversation function)
|
|
|
|
use_first_pass don't prompt for a password, for pam_sm_authentication
|
|
function just use item PAM_AUTHTOK.
|
|
|
|
try_first_pass don't prompt for a password unless there has been no
|
|
previous authentication token (item PAM_AUTHTOK is NULL)
|
|
|
|
rootok This is intended for the pam_sm_chauthtok function and
|
|
it instructs this function to permit root to change
|
|
the user's password without entering the old password.
|
|
|
|
The following arguments are acted on by the module. They are intended
|
|
to make the module give the impression of failing as a fully
|
|
functioning module might.
|
|
|
|
expired an argument intended for the account and chauthtok module
|
|
parts. It instructs the module to act as if the user's
|
|
password has expired
|
|
|
|
fail_1 this instructs the module to make its first function fail.
|
|
|
|
fail_2 this instructs the module to make its second function (if there
|
|
is one) fail.
|
|
|
|
The function break up is indicated in the Module
|
|
Developers' Guide. Listed here it is:
|
|
|
|
service function 1 function 2
|
|
------- ---------- ----------
|
|
auth pam_sm_authenticate pam_sm_setcred
|
|
password pam_sm_chauthtok
|
|
session pam_sm_open_session pam_sm_close_session
|
|
account pam_sm_acct_mgmt
|
|
|
|
prelim for pam_sm_chauthtok, means fail on PAM_PRELIM_CHECK.
|
|
|
|
required for pam_sm_chauthtok, means fail if the user hasn't already
|
|
been authenticated by this module. (See stress_new_pwd data
|
|
item below.)
|
|
|
|
#
|
|
# data strings that this module uses are the following:
|
|
#
|
|
|
|
data name value(s) Comments
|
|
--------- -------- --------
|
|
stress_new_pwd yes tells pam_sm_chauthtok that
|
|
pam_sm_acct_mgmt says we need a new
|
|
password
|