The
Unix
authentication component provides functions to verify the identity of
a user
(
pam_sm_authenticate()),
which obtains the relevant
passwd(5)
entry.
It prompts the user for a password and verifies that this is correct with
crypt(3).
The following options may be passed to the authentication module:
|
| debug
|
syslog(3)
debugging information at
LOG_DEBUG
level.
|
| use_first_pass
|
| |
If the authentication module is not the first in the stack, and a
previous module obtained the user's password, that password is used to
authenticate the user.
If this fails, the authentication module returns failure without
prompting the user for a password.
This option has no effect if the authentication module is the first in
the stack, or if no previous modules obtained the user's password.
|
| try_first_pass
|
| |
This option is similar to the
use_first_pass
option, except that if the previously obtained password fails, the
user is prompted for another password.
|
| auth_as_self
|
This option will require the user to authenticate themselves as
themselves, not as the account they are attempting to access.
This is primarily for services like
su(1),
where the user's ability to retype their own password might be deemed
sufficient.
|
| nullok
|
If the password database has no password for the entity being
authenticated, then this option will forgo password prompting, and
silently allow authentication to succeed.
NOTE:
If
pam_unix
is invoked by a process that does not have the privileges required to
access the password database (in most cases, this means root
privileges), the
nullok
option may cause
pam_unix
to allow any user to log in with any password.
|
| local_pass
|
Use only the local password database, even if NIS is in use.
This will cause an authentication failure if the system is configured
to only use NIS.
|
| nis_pass
|
Use only the NIS password database.
This will cause an authentication failure if the system is not
configured to use NIS.
|
|
