NAME
pam_ldap - PAM module for LDAP-based authentication
SYNOPSIS
pam_ldap.so [...]
DESCRIPTION
This is a PAM module that uses an LDAP server to verify user access
rights and credentials.
OPTIONS
use_first_pass
Specifies that the PAM module should use the first password
provided in the authentication stack and not prompt the user for
a password.
try_first_pass
Specifies that the PAM module should use the first password
provided in the authentication stack and if that fails prompt
the user for a password.
ignore_unknown_user
Specifies that the PAM module should return PAM_IGNORE for users
that are not present in the LDAP directory. This causes the PAM
framework to ignore this module.
ignore_authinfo_unavail
Specifies that the PAM module should return PAM_IGNORE if it
cannot contact the LDAP server. This causes the PAM framework
to ignore this module.
no_warn
Specifies that warning messages should not be propagated to the
PAM application.
use_authtok
This causes the PAM module to use the earlier provided password
when changing the password. The module will not prompt the user
for a new password (it is analogous to use_first_pass).
debug This option causes the PAM module to log debugging information
to syslog(3).
minimum_uid=UID
This option causes the PAM module to ignore the user if the user
id is lower than the specified value. This can be used to bypass
LDAP checks for system users (e.g. by setting it to 1000).
MODULE SERVICES PROVIDED
All services are provided by this module but currently sessions changes
are not implemented in the nslcd daemon.
FILES
/etc/pam.conf
the main PAM configuration file
/etc/nslcd.conf
The configuration file for the nslcd daemon (see nslcd.conf(5))
SEE ALSO
pam.conf(5), nslcd(8), nslcd.conf(5)
AUTHOR
This manual was written by Arthur de Jong <arthur@arthurdejong.org>.