calculate
/
gentoo-overlay
6
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '3db3047957'
${ noResults }
gentoo-overlay/sys-freebsd/freebsd-pam-modules/files
History
root 817eb6bf49
Sync with portage [Wed Mar 1 14:54:55 MSK 2017]. 		7 years ago
..
README.pamd Sync with portage [Wed Mar 1 14:54:55 MSK 2017]. 7 years ago
freebsd-pam-modules-6.0-gentoo.patch Automatic update [Wed Nov 9 11:33:18 MSK 2011]. 13 years ago
freebsd-pam-modules-9.0-gentoo.patch Automatic update [Wed Nov 9 11:33:18 MSK 2011]. 13 years ago

README.pamd 

/etc/pam.d



This directory contains configuration files for the Pluggable

Authentication Modules (PAM) library.



Each file details the module chain for a single service, and must be

named after that service.  If no configuration file is found for a

particular service, the /etc/pam.d/other is used instead.  If that

file does not exist, /etc/pam.conf is searched for entries matching

the specified service or, failing that, the "other" service.



See the pam(8) manual page for an explanation of the workings of the

PAM library and descriptions of the various files and modules.  Below

is a summary of the format for the pam.conf and /etc/pam.d/* files.



Configuration lines take the following form:



module-type	control-flag	module-path	arguments



Comments are introduced with a hash mark ('#').  Blank lines and lines

consisting entirely of comments are ignored.



The meanings of the different fields are as follows:



 module-type:

   auth:      prompt for a password to authenticate that the user is

              who they say they are, and set any credentials.

   account:   non-authentication based authorization, based on time,

              resources, etc.

   session:   housekeeping before and/or after login.

   password:  update authentication tokens.



 control-flag: How libpam handles success or failure of the module.

   required:   success is required; on failure all remaining

               modules are run, but the request will be denied.

   requisite:  success is required, and on failure no remaining

               modules are run.

   sufficient: success is sufficient, and if no previous required

               module failed, no remaining modules are run.

   binding:    success is sufficient; on failure all remaining

               modules are run, but the request will be denied.

   optional:   ignored unless the other modules return PAM_IGNORE.



 arguments: Module-specific options, plus some generic ones:

   debug:           syslog debug info.

   no_warn:         return no warning messages to the application.

                    Remove this to feed back to the user the

                    reason(s) they are being rejected.

   use_first_pass:  try authentication using password from the

                    preceding auth module.

   try_first_pass:  first try authentication using password from

                    the preceding auth module, and if that fails

                    prompt for a new password.

   use_mapped_pass: convert cleartext password to a crypto key.

   expose_account:  allow printing more info about the user when

                    prompting.



Note that having a "sufficient" module as the last entry for a

particular service and module type may result in surprising behaviour.

To get the intended semantics, add a "required" entry listing the

pam_deny module at the end of the chain.