         pam_userdb — PAM module to authenticate against a db database

════════════════════════════════════════════════════════════════════════════════

DESCRIPTION

The pam_userdb module is used to verify a username/password pair against values
stored in a Berkeley DB database. The database is indexed by the username, and
the data fields corresponding to the username keys are the passwords.

OPTIONS

crypt=[crypt|none]

        Indicates whether encrypted or plaintext passwords are stored in the
        database. If it is crypt, passwords should be stored in the database in
        crypt(3) form. If none is selected, passwords should be stored in the
        database as plaintext.

db=/path/database

        Use the /path/database database for performing lookup. There is no
        default; the module will return PAM_IGNORE if no database is provided.
        Note that the path to the database file should be specified without the
        .db suffix.

debug

        Print debug information. Note that password hashes, both from db and
        computed, will be printed to syslog.

dump

        Dump all the entries in the database to the log. Don't do this by
        default!

icase

        Make the password verification to be case insensitive (ie when working
        with registration numbers and such). Only works with plaintext password
        storage.

try_first_pass

        Use the authentication token previously obtained by another module that
        did the conversation with the application. If this token can not be
        obtained then the module will try to converse. This option can be used
        for stacking different modules that need to deal with the authentication
        tokens.

use_first_pass

        Use the authentication token previously obtained by another module that
        did the conversation with the application. If this token can not be
        obtained then the module will fail. This option can be used for stacking
        different modules that need to deal with the authentication tokens.

unknown_ok

        Do not return error when checking for a user that is not in the
        database. This can be used to stack more than one pam_userdb module that
        will check a username/password pair in more than a database.

key_only

        The username and password are concatenated together in the database hash
        as 'username-password' with a random value. if the concatenation of the
        username and password with a dash in the middle returns any result, the
        user is valid. this is useful in cases where the username may not be
        unique but the username and password pair are.

EXAMPLES

auth  sufficient pam_userdb.so icase db=/etc/dbtest


AUTHOR

pam_userdb was written by Cristian Gafton >gafton@redhat.com<.
INITIAL
BEFORE_HTML
BEFORE_HEAD
IN_HEAD
IN_HEAD
GENERIC_RCDATA
GENERIC_RCDATA
GENERIC_RCDATA
GENERIC_RCDATA
IN_HEAD
IN_HEAD
AFTER_HEAD
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
IN_BODY
AFTER_BODY
AFTER_AFTER_BODY
AFTER_AFTER_BODY
