Annotation of elwix/config/etc/default/pam.d/README, revision 1.1.1.1
1.1 misho

This directory contains configuration files for the Pluggable
Authentication Modules (PAM) library.

Each file details the module chain for a single service, and must be
named after that service.  If no configuration file is found for a
particular service, /etc/pam.d/other is used instead.  If that
file does not exist, /etc/pam.conf is searched for entries matching
the specified service or, failing that, the "other" service.

See the pam(8) manual page for an explanation of the workings of the
PAM library and descriptions of the various files and modules.  Below
is a summary of the format for the pam.conf and /etc/pam.d/* files.

Configuration lines take the following form:

module-type     control-flag    module-path     arguments

Comments are introduced with a hash mark ('#').  Blank lines and lines
consisting entirely of comments are ignored.

The meanings of the different fields are as follows:

 module-type:
   auth:      prompt for a password to authenticate that the user is
              who they say they are, and set any credentials.
   account:   non-authentication based authorization, based on time,
              resources, etc.
   session:   housekeeping before and/or after login.
   password:  update authentication tokens.

 control-flag: How libpam handles success or failure of the module.
   required:   success is required; on failure all remaining
               modules are run, but the request will be denied.
   requisite:  success is required, and on failure no remaining
               modules are run.
   sufficient: success is sufficient, and if no previous required
               module failed, no remaining modules are run.
   binding:    success is sufficient; on failure all remaining
               modules are run, but the request will be denied.
   optional:   ignored unless the other modules return PAM_IGNORE.

 arguments: Module-specific options, plus some generic ones:
   debug:           syslog debug info.
   no_warn:         return no warning messages to the application.
                    Remove this to feed back to the user the
                    reason(s) they are being rejected.
   use_first_pass:  try authentication using password from the
                    preceding auth module.
   try_first_pass:  first try authentication using password from
                    the preceding auth module, and if that fails
                    prompt for a new password.
   use_mapped_pass: convert cleartext password to a crypto key.
   expose_account:  allow printing more info about the user when
                    prompting.

Note that having a "sufficient" module as the last entry for a
particular service and module type may result in surprising behaviour.
To get the intended semantics, add a "required" entry listing the
pam_deny module at the end of the chain.
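
A check for the situation described in the note above, as an added
example that is not part of the original README: it parses the
four-field line format summarized here and reports each module type whose
last entry is "sufficient". The sample service files are constructed, and
the module names other than pam_deny are illustrative assumptions.

```python
# Added example: lint a pam.d-style service file for chains ending in "sufficient".

def parse_pam_lines(text):
    """Yield (lineno, module_type, control_flag, module_path, args) per entry."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # '#' introduces a comment
        if not line:                          # blank or comment-only line
            continue
        fields = line.split()
        if len(fields) < 3:
            raise ValueError(f"line {lineno}: expected at least 3 fields: {raw!r}")
        yield lineno, fields[0], fields[1], fields[2], fields[3:]


def trailing_sufficient(text):
    """Return [(module_type, lineno, module_path)] for each chain whose
    final entry carries the 'sufficient' control flag."""
    last = {}
    for lineno, mtype, flag, path, _args in parse_pam_lines(text):
        last[mtype] = (lineno, flag, path)    # keep only the last entry per type
    return [(m, n, p) for m, (n, f, p) in last.items() if f == "sufficient"]


# Constructed sample: the auth chain ends with a "sufficient" module.
RISKY = """\
# constructed service file for illustration
auth      sufficient  pam_opie.so   no_warn
auth      sufficient  pam_unix.so   no_warn try_first_pass
account   required    pam_unix.so
"""

# Same file with a "required" pam_deny entry closing the auth chain,
# as the README recommends.
FIXED = RISKY.replace(
    "account", "auth      required    pam_deny.so\naccount", 1)

if __name__ == "__main__":
    for name, cfg in (("RISKY", RISKY), ("FIXED", FIXED)):
        print(name, trailing_sufficient(cfg) or "ok")
```

The check only looks at entries written directly in the file it is given.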

$FreeBSD: src/etc/pam.d/README,v 1.5 2004/06/06 11:46:29 schweikh Exp $