NAME

       auth-client-config - pam and NSS profile switcher

DESCRIPTION

       This  program  updates nsswitch.conf and pam configuration files to aid
       in authentication configuration.  If the existing nsswitch.conf and pam
       system   configuration   does  not  exist  in  the  profiles  database,
       auth-client-config will comment out the current configuration in such a
       way  that  the  changes can be undone by auth-client-config with the -r
       option.

USAGE

       auth-client-config -p PROFILE -a -t TYPE [-dn -f FILE]

       auth-client-config -p PROFILE -a -t TYPE -r [-n -f FILE]

       auth-client-config -p PROFILE -a -t TYPE -s [-f FILE]

OPTIONS

       --version
              show program’s version number and exit

       -h, --help
              show this help message and exit

       -a, --all-types
              apply all types for specified profile

       -d, --database-only
              update file(s) only if current entries are in database

       -f FILE, --file=FILE
              update FILE instead of default

       -l, --list-profiles
              list available profiles

       -L, --list-types
              list available types

       -n, --dry-run
              don’t modify anything, just show the changes

       -p PROFILE, --profile=PROFILE (required)
              use PROFILE

       -r, --reset
              reset file(s) to previous non-auth-client-config  values.   Will
              not remove the current entries unless they match PROFILE

       -s, --check-system
              determine if system files are set to PROFILE

       -S, --show-system
              show current system settings as a profile

       -t TYPE, --type=TYPE
              modify  files  for  TYPE. Multiple types can be specified with a
              comma separated list.

PROFILES DATABASE

       Each time  auth-client-config  is  run,  it  will  check  the  profiles
       database    (by    default,    /etc/auth-client-config/profile.d)   for
       authentication profiles.  Files may be added to the  profiles  database
       directory  to  support  custom  authentication configurations.  This is
       useful for a distribution maintainer  to  have  his/her  authentication
       package  put  an authentication profile into the profiles database, and
       then have his/her package use auth-client-config to update  the  system
       configuration.   It also allows for an administrator to set up a single
       profile for site-wide network authentication roll-outs.

       The files in the profiles database  use  the  .INI  configuration  file
       standard, and the syntax is:

         [example]
         nss_passwd=nsswitch.conf entry for ’passwd’
         nss_group=nsswitch.conf entry for ’group’
         nss_shadow=nsswitch.conf entry for ’shadow’
         nss_netgroup=nsswitch.conf entry for ’netgroup’
         pam_auth=pam entry/entries for ’auth’
         pam_account=pam entry/entries for ’account’
         pam_password=pam entry/entries for ’password’
         pam_session=pam entry/entries for ’session’

       If  you  need to specify multiple entries for a specific type (which is
       often the case with PAM), then simply  list  additional  entries  on  a
       newline   preceded   by  a  tab.   For  example,  an  entry  for  local
       configuration might be:

         [example_local]
         nss_passwd=passwd: files
         nss_group=group: files
         nss_shadow=shadow: files
         nss_netgroup=netgroup: nis
         pam_auth=auth    required        pam_unix.so nullok_secure debug
         pam_account=account required        pam_unix.so debug
         pam_password=password   required   pam_unix.so nullok obscure \
           min=4 max=8 md5 debug
         pam_session=session required        pam_unix.so debug
                session optional        pam_foreground.so

       Notice how in the above, pam_session has two entries  (pam_password  in
       this example should be all on one line, hence the ’\’).

       To  use the above entry with auth-client-config, create a file with the
       above entries in it  and  put  the  file  into  the  profiles  database
       directory (typically named after the profile or package that added it).
       Now call auth-client-config with:

         auth-client-config -a -p example_local

EXAMPLES

       Set nsswitch.conf and pam to use the ’example_local’ profile:
         auth-client-config -a -p example_local

       Set only nsswitch.conf to use the ’example_local’ profile, but only  if
       current nsswitch.conf entries exist in the profiles database:
         auth-client-config -t nss -p example_local -d

       Restore nsswitch.conf and pam to previous non-auth-client-config files:
         auth-client-config -a -p example_local -r

KNOWN ISSUES

       If two or more profiles have the same name, only the last one  will  be
       used.   Additionally,  if  a  profile in the profiles database has more
       than one entry for a particular field (e.g., two ’nss_passwd’ entries),
       then the last one read will be used.

       auth-client-config strips out all carriage returns when run on Unix.
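
An added example (not part of auth-client-config or of this manual page): a small Python audit that applies the last-one-wins rules described above to profile files and reports every definition that silently replaces an earlier one. The file names, sample contents and read order are constructed, and the parser is a simplified model of the .INI syntax shown in PROFILES DATABASE, not the tool's own.

```python
import re

# Constructed sample: (file name, contents) pairs in the order they are read.
SAMPLE_FILES = [
    ("acc-default",
     "[example_local]\n"
     "nss_passwd=passwd: files\n"
     "pam_session=session required        pam_unix.so debug\n"
     "\tsession optional        pam_foreground.so\n"),
    ("zz-site",
     "[example_local]\r\n"
     "nss_passwd=passwd: files ldap\r\n"
     "nss_passwd=passwd: files nis\r\n"
     "pam_auth=auth    required        pam_unix.so nullok_secure debug\r\n"),
]

SECTION = re.compile(r"^\[([^\]]+)\]\s*$")
FIELD = re.compile(r"^((?:nss|pam)_\w+)\s*=\s*(.*)$")

def audit_profiles(files):
    """Return (effective, findings) using the last-one-wins rules above."""
    effective, findings = {}, []
    for fname, text in files:
        profile = field = None
        # Carriage returns are stripped, as the man page says the tool does.
        for line in text.replace("\r", "").split("\n"):
            m = SECTION.match(line)
            if m:
                profile, field = m.group(1), None
                if profile in effective:
                    findings.append(f"{fname}: [{profile}] replaces an earlier profile")
                effective[profile] = {}
            elif profile is None or not line.strip():
                continue
            elif line.startswith("\t") and field:
                # Tab-indented line: one more entry for the current field.
                effective[profile][field].append(line.strip())
            elif (m := FIELD.match(line)):
                field = m.group(1)
                if field in effective[profile]:
                    findings.append(f"{fname}: [{profile}] {field} repeated")
                effective[profile][field] = [m.group(2).strip()]
    return effective, findings

if __name__ == "__main__":
    effective, findings = audit_profiles(SAMPLE_FILES)
    for f in findings:
        print("WARN", f)
    print(effective)
```

In the sample, the second file's [example_local] discards the first file's pam_session entries entirely, which is the kind of silent change worth catching before a profile is applied.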

SEE ALSO

        nsswitch.conf(5), pam(7)

AUTHOR

       auth-client-config is copyright 2007-2008 by Jamie Strandboge

       This   manual   page   was   originally  written  by  Jamie  Strandboge
       <jamie@strandboge.com>

                                   July 2007            AUTH-CLIENT-CONFIG:(8)