NAME

       pam_unix2 - Standard PAM module for traditional password authentication

DESCRIPTION

       The pam_unix2 PAM module is for traditional password authentication. It
       uses standard calls from the glibc NSS libraries to retrieve and set
       account information as well as to authenticate. Usually this
       information is obtained from the local files /etc/passwd and
       /etc/shadow or from a NIS map.

       The options can be added in the PAM configuration files for every
       single service. /etc/security/pam_unix2.default defines which
       password encryption algorithm should be used when a password is
       changed.

OPTIONS

       The  following  options may be passed to all types of management groups
       except session:

       debug  A lot of debug information is printed with syslog(3).

       nullok Normally the account is disabled if no password is set or if the
              length of the password is zero. With this option the user is
              allowed to change the password for such accounts. This option
              does not override a hardcoded default by the calling process.

       use_first_pass
              By default, pam_unix2 tries to get the authentication token
              from a previous module. If no token is available, the user is
              asked for the old password. With this option, pam_unix2
              aborts with an error if no authentication token from a previous
              module is available.

       The following additional options may be passed to the passwd rules of
       this module:

       nisdir=<path>
              This option specifies a path to the source files for NIS maps
              on a NIS master server. If this option is given, the passwords
              of NIS accounts will not be changed with yppasswd(1); instead,
              the local passwd and shadow files below <path> will be modified.
              In conjunction with rpasswdd(8) and pam_make, rpc.yppasswdd(8)
              can be replaced with a more secure solution on the NIS master
              server.

       use_authtok
              Set the new password to  the  one  provided  by  the  previously
              stacked  password  module.  If this option is not set, pam_unix2
              would ask the user for the new password.

       One of the following options may be passed to the session rules of this
       module:

       debug  Some  messages  (login  time,  logout time) are logged to syslog
              with priority LOG_DEBUG.

       trace  Some messages (login time, logout time)  are  logged  to  syslog
              with priority LOG_NOTICE.

       none   No messages are logged. This is the default.

       The acct management does not recognize any additional options. For
       root, password and login expiry are ignored; only an aging warning is
       printed. If no shadow information exists, it always returns success.
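
       The following is an added example, not part of the original manual
       page or the pam_unix2 sources: a small checker that reads rules in
       pam.d format and reports pam_unix2 options that this page does not
       list for the rule's management group, plus any use of nullok. The
       sample rules, the nisdir path and the function name audit are
       constructed for illustration.

```python
import re

# Options this page lists for pam_unix2, per management group.
COMMON = {"debug", "nullok", "use_first_pass"}
ALLOWED = {
    "auth": COMMON,
    "account": COMMON,
    "password": COMMON | {"nisdir", "use_authtok"},
    "session": {"debug", "trace", "none"},
}
# pam.d line: type, control (plain word or [bracketed]), module, arguments.
LINE = re.compile(r"^-?(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")

# Constructed sample in pam.d format; the nisdir path is a placeholder.
SAMPLE = """\
auth     required  pam_unix2.so nullok debug
account  required  pam_unix2.so
password required  pam_pwcheck.so
password required  pam_unix2.so use_first_pass use_authtok nisdir=/var/yp/src
session  required  pam_unix2.so trace use_authtok
"""

def audit(text):
    """Return (line number, message) findings for pam_unix2 rules in text."""
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        m = LINE.match(raw.split("#", 1)[0].strip())
        if not m or "pam_unix2" not in m.group(3):
            continue  # comment, blank line, include, or another module
        group = m.group(1).lower()
        names = [arg.split("=", 1)[0] for arg in m.group(4).split()]
        if group not in ALLOWED:
            continue
        for name in names:
            if name not in ALLOWED[group]:
                findings.append((n, f"{name}: not listed for {group} rules"))
        if "nullok" in names:
            findings.append((n, "nullok: empty-password rule relaxed, confirm intent"))
        if group == "session" and len(names) > 1:
            findings.append((n, "session: only one of debug/trace/none applies"))
    return findings

if __name__ == "__main__":
    for lineno, message in audit(SAMPLE):
        print(f"line {lineno}: {message}")
```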

FILES

       /etc/security/pam_unix2.default

SEE ALSO

       login(1),  passwd(1),  pam.conf(8),  pam.d(8),  pam_pwcheck(8), pam(8),
       rpasswd(1), rpasswdd(8), rpc.yppasswdd(8), yppasswd(1)