Man Linux: Main Page and Category List

NAME

       pam-auth-update - manage PAM configuration using packaged profiles

SYNOPSIS

       pam-auth-update [--package [--remove profile [profile...]]]  [--force]

DESCRIPTION

       pam-auth-update  is  a  utility  that  permits  configuring the central
       authentication policy for the  system  using  pre-defined  profiles  as
       supplied   by   PAM   module   packages.    Profiles   shipped  in  the
       /usr/share/pam-configs/ directory specify the modules, with options, to
       enable;  the  preferred  ordering  with  respect to other profiles; and
       whether a profile should be enabled by default.  Packages providing PAM
       modules   register   their   profiles   at   install  time  by  calling
       pam-auth-update --package.  Selection of profiles  is  done  using  the
       standard  debconf  interface.   The  profile selection question will be
       asked at `medium' priority when packages are added or  removed,  so  no
       user   interaction   is   required   by   default.   Users  may  invoke
       pam-auth-update directly to change their authentication  configuration.

       The   script   makes   every   effort   to  respect  local  changes  to
       /etc/pam.d/common-*.  Local modifications to the list of module options
       will  be preserved, and additions of modules within the managed portion
       of the stack will cause pam-auth-update to treat the  config  files  as
       locally  modified  and  not  make  further  changes to the config files
       unless given the --force option.

       If the  user  specifies  that  pam-auth-update  should  override  local
       configuration  changes,  the  locally-modified  files  will be saved in
       /etc/pam.d/ with a suffix of .pam-old.

OPTIONS

       --package
              Indicate that the caller is a package maintainer script;  lowers
              the  priority  of debconf questions to `medium' so that the user
              is not prompted by default.

       --remove profile [profile...]
              Remove the specified profiles  from  the  system  configuration.
              pam-auth-update  --remove should be used to remove profiles from
              the configuration before the modules they reference are  removed
              from  disk,  to  ensure  that  PAM is in a consistent and usable
              state at all times during package upgrades or removals.

       --force
              Overwrite the  current  PAM  configuration,  without  prompting.
              This  option  must not be used by package maintainer scripts; it
              is intended for use by administrators only.

FILES

       /etc/pam.d/common-*
           Global configuration of PAM, affecting all installed services.

       /usr/share/pam-configs/
           Package-supplied authentication profiles.

AUTHOR

       Steve Langasek <steve.langasek@canonical.com>

COPYRIGHT

       Copyright (C) 2008 Canonical Ltd.

SEE ALSO

       PAM(7), pam.d(5), debconf(7)