pam-config

Langue: en

Version: 08/14/2007 (openSuse - 09/10/07)

Section: 8 (Commandes administrateur)

NAME

pam-config - Adjust common PAM config files

SYNOPSIS

pam-config [--debug] [--list-modules] [--service service-name] -a | -c | -d | -q [-f] [module-name]
pam-config --version

DESCRIPTION

pam-config

adjusts predefined PAM config files.

OPTIONS

COMMON OPTIONS

--debug

Print debug messages.

-f, --force

The new configuration will be activated regardless if there are other local changes.

--list-modules

Prints out a list of all supported modules to stdout.

--nullok

Add nullok to all modules which support this.

--pam-debug

Add debug to all modules which support this.

MODIFIER OPTIONS

Use the following options to specifiy the action you want pam-config to apply. They need to be followed by a supported module option. See the section called "SUPPORTED PAM MODULES".

-a, --add

Add options or new PAM modules to existing PAM configuration files.

-c, --create

Create new PAM configuration files for plain UNIX authentication, overwriting existing ones.

-d, --delete

Remove options or PAM modules from existing PAM configuration files.

-q, --query

Print a list of types and the corresponding module options for the queried PAM module.

SUPPORTED PAM MODULES

This is a list of modules supported by pam-config. They are split into two categories: global and single service modules.


GLOBAL MODULES


The global modules get inserted into the common-{account,auth,password,session} files which are included by the single service files.
--apparmor
Add pam_apparmore.so to session config.

--bioapi

Add pam_bioapi.so to the authentication stack before pam_unix2.so.

--bioapi-options=option

Add option as argument for pam_bioapi.so.

--ccreds

Add pam_ccreds.so after pam_ldap.so or pam_krb5.so.

--cracklib

Enable/Disable pam_cracklib.so module in password section.

--cracklib-debug

Add debug option to all pam_cracklib.so invocations.

--cracklib-retry=N

Add tries=N to pam_cracklib.so.

--cracklib-dictpath=path

Specify path where pam_cracklib.so can find the cracklib dictionaries.

--env

Add pam_env.so as optional module to session section.

--env-conffile=file

Add conffile=file to pam_env.so.

--env-envfile=file

Add envfile=file to pam_env.so.

--env-readenv=0|1

Add readenv=0|1 to pam_env.so.

--krb5

Use pam_krb5.so after pam_unix2.so to all stacks.

--krb5-debug

Add debug option to all pam_krb5.so invocations.

--krb5-minimum_uid=uid

Add minimum_uid option with argument uid to all pam_krb5.so invocations.

--krb5-ignore_unknown_principals

Add ignore_unknown_principals option to all pam_krb5.so invocations.

--ldap

Add pam_ldap.so after pam_unix2.so to all stacks.

--ldap-debug

Add debug option to all pam_ldap.so invocations.

--limits

Add pam_limits.so to session section.

--make

Add pam_make.so as last module to password section.

--make-dir=path

Add path as argument for pam_make.so.

--mkhomedir

Add pam_mkhomedir.so as first module to session section.

--mkhomedir-debug

Add debug option to all pam_mkhomedir.so invocations.

--mkhomedir-silent

Add silent option to all pam_mkhomedir.so invocations.

--mkhomedir-umask=mode

Add umask=mode to pam_mkhomedir.so.

--mkhomedir-skel=skeldir

Add skel=skeldir to pam_mkhomedir.so.

--nam

Add pam_nam.so to all stacks.

--pkcs11

Add pam_pkcs11.so before pam_unix2.so.

--pwcheck

Enable/Disable pam_pwcheck.so module in password section.

--pwcheck-debug

Add debug option to all pam_pwcheck.so invocations.

--pwcheck-nullok

Add nullok option to all pam_pwcheck.so invocations.

--pwcheck-cracklib

Enable cracklib support of pam_pwcheck.so.

--pwcheck-cracklib-path=path

Specify path where pam_pwcheck.so can find the cracklib dictionaries.

--pwcheck-maxlen=N

Add maxlen=N to pam_pwcheck.so.

--pwcheck-minlen=N

Add minlen=N to pam_pwcheck.so.

--pwcheck-tries=N

Add tries=N to pam_pwcheck.so.

--pwcheck-remember=N

Add remember=N to pam_pwcheck.so.

--pwcheck-nisdir=path

Add nisdir=path to pam_pwcheck.so.

--pwcheck-no_obscure_checks

Disable obscure checks of pam_pwcheck.so.

--pwcheck-enforce_for_root

Enforce all checks of pam_pwcheck.so for root.

--thinkfinger

Enable/Disable pam_thinkfinger.so in AUTH stack.

--unix

Use pam_unix.so as standard UNIX PAM module. Note that pam_unix.so and pam_unix2.so are mutually exclusive. If you want to enable pam_unix.so, first remove pam_unix2.so then add this one.

--umask

Add pam_umask.so as optional session module.

--umask-debug

Add debug option to all pam_umask.so invocations in session management.

--umask-silent

Add silent option to all pam_umask.so invocations in session management.

--umask-usergroups

Add usergroups option to all pam_umask.so invocations in session management.

--umask-umask=mode

Add umask=mode to pam_umask.so.

--unix-debug

Add debug option to all pam_unix.so invocations.

--unix-audit

Add audit option to all pam_unix.so invocations. Note that this option overrides debug.

--unix-nullok

Add nullok option to all pam_unix.so invocations.

--unix-bigcrypt

Add bigcrypt option to pam_unix.so in password section.

--unix-md5

Add md5 option to pam_unix.so in password section. Note that this option overrides bigcrypt.

--unix2

Use pam_unix2.so as standard UNIX PAM module.

--unix2-debug

Add debug option to all pam_unix2.so invocations.

--unix2-nullok

Add nullok option to all pam_unix2.so invocations.

--unix2-trace

Add trace option to pam_unix2.so in session section.

--unix2-call_modules=module,...

Add call_modules=module,... as argument to pam_unix2.so.

--winbind

Use pam_winbind.so in all stacks.

--winbind-debug

Add debug option to all pam_winbind.so invocations.


SINGLE SERVICE MODULES


These modules can only be added to single service files. See also the section called "USAGE EXAMPLES".
--ck_connector
Add pam_ck_connector.so to session stack of the specified service file.

--ck_connector-debug

Add debug option to any invocation of pam_ck_connector.so in the specified service file.

--cryptpass

Add pam_cryptpass.so to the session stack of the specified service file.

--cryptpass-password

Add pam_cryptpass.so to the password stack of the specified service file.

--lastlog

Add pam_lastlog.so to the specified service file.

--loginuid

Add pam_loginuid.so to the specified service file.

--loginuid-require_auditd

Add require_auditd to invocations of pam_loginuid.so in the specified service file.

--mount

Add pam_mount.so to auth and session stack of the specified service file.

USAGE EXAMPLES

pam-config -q --unix2

Query state of pam_unix2.so.

pam-config -a --ldap

Enable ldap authentication.

pam-config --service gdm -a --mount

Enable pam_mount.so for service gdm.

pam-config --debug -a --force --umask

Enable pam_umask.so whether installed or not, and print debug information during the process.

SEE ALSO

PAM(8), pam_unix2(8), pam_pwcheck(8), pam_mkhomedir(8), pam_limits(8), pam_env(8), pam_xauth(8), pam_make(8)

AUTHOR

pam-config was written by Thorsten Kukuk <kukuk@thkukuk.de>.