Rechercher une page de manuel
pam-config
Langue: en
Version: 08/14/2007 (openSuse - 09/10/07)
Section: 8 (Commandes administrateur)
Sommaire
NAME
pam-config - Adjust common PAM config filesSYNOPSIS
- pam-config [--debug] [--list-modules] [--service service-name] -a | -c | -d | -q [-f] [module-name]
- pam-config --version
DESCRIPTION
pam-config
- adjusts predefined PAM config files.
OPTIONS
COMMON OPTIONS
--debug
- Print debug messages.
-f, --force
- The new configuration will be activated regardless if there are other local changes.
--list-modules
- Prints out a list of all supported modules to stdout.
--nullok
- Add nullok to all modules which support this.
--pam-debug
- Add debug to all modules which support this.
MODIFIER OPTIONS
Use the following options to specifiy the action you want pam-config to apply. They need to be followed by a supported module option. See the section called "SUPPORTED PAM MODULES".
-a, --add
- Add options or new PAM modules to existing PAM configuration files.
-c, --create
- Create new PAM configuration files for plain UNIX authentication, overwriting existing ones.
-d, --delete
- Remove options or PAM modules from existing PAM configuration files.
-q, --query
- Print a list of types and the corresponding module options for the queried PAM module.
SUPPORTED PAM MODULES
This is a list of modules supported by pam-config. They are split into two categories: global and single service modules.
GLOBAL MODULES
The global modules get inserted into the common-{account,auth,password,session} files which are included by the single service files.
--apparmor-
- Add pam_apparmore.so to session config.
--bioapi
- Add pam_bioapi.so to the authentication stack before pam_unix2.so.
--bioapi-options=option
- Add option as argument for pam_bioapi.so.
--ccreds
- Add pam_ccreds.so after pam_ldap.so or pam_krb5.so.
--cracklib
- Enable/Disable pam_cracklib.so module in password section.
--cracklib-debug
- Add debug option to all pam_cracklib.so invocations.
--cracklib-retry=N
- Add tries=N to pam_cracklib.so.
--cracklib-dictpath=path
- Specify path where pam_cracklib.so can find the cracklib dictionaries.
--env
- Add pam_env.so as optional module to session section.
--env-conffile=file
- Add conffile=file to pam_env.so.
--env-envfile=file
- Add envfile=file to pam_env.so.
--env-readenv=0|1
- Add readenv=0|1 to pam_env.so.
--krb5
- Use pam_krb5.so after pam_unix2.so to all stacks.
--krb5-debug
- Add debug option to all pam_krb5.so invocations.
--krb5-minimum_uid=uid
- Add minimum_uid option with argument uid to all pam_krb5.so invocations.
--krb5-ignore_unknown_principals
- Add ignore_unknown_principals option to all pam_krb5.so invocations.
--ldap
- Add pam_ldap.so after pam_unix2.so to all stacks.
--ldap-debug
- Add debug option to all pam_ldap.so invocations.
--limits
- Add pam_limits.so to session section.
--make
- Add pam_make.so as last module to password section.
--make-dir=path
- Add path as argument for pam_make.so.
--mkhomedir
- Add pam_mkhomedir.so as first module to session section.
--mkhomedir-debug
- Add debug option to all pam_mkhomedir.so invocations.
--mkhomedir-silent
- Add silent option to all pam_mkhomedir.so invocations.
--mkhomedir-umask=mode
- Add umask=mode to pam_mkhomedir.so.
--mkhomedir-skel=skeldir
- Add skel=skeldir to pam_mkhomedir.so.
--nam
- Add pam_nam.so to all stacks.
--pkcs11
- Add pam_pkcs11.so before pam_unix2.so.
--pwcheck
- Enable/Disable pam_pwcheck.so module in password section.
--pwcheck-debug
- Add debug option to all pam_pwcheck.so invocations.
--pwcheck-nullok
- Add nullok option to all pam_pwcheck.so invocations.
--pwcheck-cracklib
- Enable cracklib support of pam_pwcheck.so.
--pwcheck-cracklib-path=path
- Specify path where pam_pwcheck.so can find the cracklib dictionaries.
--pwcheck-maxlen=N
- Add maxlen=N to pam_pwcheck.so.
--pwcheck-minlen=N
- Add minlen=N to pam_pwcheck.so.
--pwcheck-tries=N
- Add tries=N to pam_pwcheck.so.
--pwcheck-remember=N
- Add remember=N to pam_pwcheck.so.
--pwcheck-nisdir=path
- Add nisdir=path to pam_pwcheck.so.
--pwcheck-no_obscure_checks
- Disable obscure checks of pam_pwcheck.so.
--pwcheck-enforce_for_root
- Enforce all checks of pam_pwcheck.so for root.
--thinkfinger
- Enable/Disable pam_thinkfinger.so in AUTH stack.
--unix
- Use pam_unix.so as standard UNIX PAM module. Note that pam_unix.so and pam_unix2.so are mutually exclusive. If you want to enable pam_unix.so, first remove pam_unix2.so then add this one.
--umask
- Add pam_umask.so as optional session module.
--umask-debug
- Add debug option to all pam_umask.so invocations in session management.
--umask-silent
- Add silent option to all pam_umask.so invocations in session management.
--umask-usergroups
- Add usergroups option to all pam_umask.so invocations in session management.
--umask-umask=mode
- Add umask=mode to pam_umask.so.
--unix-debug
- Add debug option to all pam_unix.so invocations.
--unix-audit
- Add audit option to all pam_unix.so invocations. Note that this option overrides debug.
--unix-nullok
- Add nullok option to all pam_unix.so invocations.
--unix-bigcrypt
- Add bigcrypt option to pam_unix.so in password section.
--unix-md5
- Add md5 option to pam_unix.so in password section. Note that this option overrides bigcrypt.
--unix2
- Use pam_unix2.so as standard UNIX PAM module.
--unix2-debug
- Add debug option to all pam_unix2.so invocations.
--unix2-nullok
- Add nullok option to all pam_unix2.so invocations.
--unix2-trace
- Add trace option to pam_unix2.so in session section.
--unix2-call_modules=module,...
- Add call_modules=module,... as argument to pam_unix2.so.
--winbind
- Use pam_winbind.so in all stacks.
--winbind-debug
- Add debug option to all pam_winbind.so invocations.
SINGLE SERVICE MODULES
These modules can only be added to single service files. See also the section called "USAGE EXAMPLES".
--ck_connector-
- Add pam_ck_connector.so to session stack of the specified service file.
--ck_connector-debug
- Add debug option to any invocation of pam_ck_connector.so in the specified service file.
--cryptpass
- Add pam_cryptpass.so to the session stack of the specified service file.
--cryptpass-password
- Add pam_cryptpass.so to the password stack of the specified service file.
--lastlog
- Add pam_lastlog.so to the specified service file.
--loginuid
- Add pam_loginuid.so to the specified service file.
--loginuid-require_auditd
- Add require_auditd to invocations of pam_loginuid.so in the specified service file.
--mount
- Add pam_mount.so to auth and session stack of the specified service file.
USAGE EXAMPLES
pam-config -q --unix2
- Query state of pam_unix2.so.
pam-config -a --ldap
- Enable ldap authentication.
pam-config --service gdm -a --mount
- Enable pam_mount.so for service gdm.
pam-config --debug -a --force --umask
- Enable pam_umask.so whether installed or not, and print debug information during the process.
SEE ALSO
PAM(8), pam_unix2(8), pam_pwcheck(8), pam_mkhomedir(8), pam_limits(8), pam_env(8), pam_xauth(8), pam_make(8)
AUTHOR
pam-config was written by Thorsten Kukuk <kukuk@thkukuk.de>.
Contenus ©2006-2024 Benjamin Poulain
Design ©2006-2024 Maxime Vantorre