PAM−CONFIG
NAME
pam-config − Adjust common PAM config
files
SYNOPSIS
pam−config [−−debug] [−−list−modules] [−−service service−name] −a | −c | −d | −q [−f] [module−name] | |
pam−config −−version |
DESCRIPTION
pam−config adjusts predefined PAM config files.
OPTIONS
COMMON OPTIONS
−−debug
Print debug messages.
−f, −−force
The new configuration will be activated regardless if there are other local changes.
−−list−modules
Prints out a list of all supported modules to stdout.
−−nullok
Add nullok to all modules which support this.
−−pam−debug
Add debug to all modules which support this.
MODIFIER
OPTIONS
Use the following options to specifiy the action you want
pam−config to apply. They need to be followed by a
supported module option. See the section called
“SUPPORTED PAM MODULES”.
−a, −−add
Add options or new PAM modules to existing PAM configuration files.
−c, −−create
Create new PAM configuration files for plain UNIX authentication, overwriting existing ones.
−d, −−delete
Remove options or PAM modules from existing PAM configuration files.
−q, −−query
Print a list of types and the corresponding module options for the queried PAM module.
−−verify
Do some sanity checks on the current common PAM configuration files.
SUPPORTED
PAM MODULES
This is a list of modules supported by pam−config.
They are split into two categories: global and single
service modules.
GLOBAL MODULES
The global modules get inserted into the common−{account,auth,password,session} files which are included by the single service files.
−−apparmor
Enable/Disable pam_apparmor.so
−−apparmor−debug
Add debug option to all pam_apparmor.so invocations.
−−ccreds
Enable/Disable pam_ccreds.so
−−cracklib
Enable/Disable pam_cracklib.so
−−cracklib−debug
Add debug option to all pam_cracklib.so invocations.
−−cracklib−authtok_type=value
Add authtok_type=value option to pam_cracklib.so.
−−cracklib−retry=value
Add retry=value option to pam_cracklib.so.
−−cracklib−difok=value
Add difok=value option to pam_cracklib.so.
−−cracklib−difignore=value
Add difignore=value option to pam_cracklib.so.
−−cracklib−minlen=value
Add minlen=value option to pam_cracklib.so.
−−cracklib−dcredit=value
Add dcredit=value option to pam_cracklib.so.
−−cracklib−ucredit=value
Add ucredit=value option to pam_cracklib.so.
−−cracklib−lcredit=value
Add lcredit=value option to pam_cracklib.so.
−−cracklib−ocredit=value
Add ocredit=value option to pam_cracklib.so.
−−cracklib−minclass=value
Add minclass=value option to pam_cracklib.so.
−−cracklib−dictpath=value
Add dictpath=value option to pam_cracklib.so.
−−env
Enable/Disable pam_env.so
−−env−debug
Add debug option to all pam_env.so invocations.
−−env−conffile=value
Add conffile=value option to pam_env.so.
−−env−envfile=value
Add envfile=value option to pam_env.so.
−−env−readenv=value
Add readenv=value option to pam_env.so.
−−exec
pam_exec for password management
−−exec−debug
Add debug option to all pam_exec.so invocations.
−−exec−expose_authtok
Add expose_authtok option to all pam_exec.so invocations.
−−exec−seteuid
Add seteuid option to all pam_exec.so invocations.
−−exec−quiet
Add quiet option to all pam_exec.so invocations.
−−exec−log=value
Add log=value option to pam_exec.so.
−−exec−option=value
Add option=value option to pam_exec.so.
−−fp
Enable/Disable pam_fp.so
−−fp−debug
Add debug option to all pam_fp.so invocations.
−−fprint
Enable/Disable pam_fprint.so
−−fprint−debug
Add debug option to all pam_fprint.so invocations.
−−fprintd
Enable/Disable pam_fprintd.so
−−fprintd−debug
Add debug option to all pam_fprintd.so invocations.
−−gnome_keyring
Enable/Disable pam_gnome_keyring.so
−−gnome_keyring−auto_start
Add auto_start option to all pam_gnome_keyring.so invocations.
−−gnome_keyring−only_if=value
Add only_if=value option to pam_gnome_keyring.so.
−−group
Enable/Disable pam_group.so
−−krb5
Enable/Disable pam_krb5.so
−−krb5−debug
Add debug option to all pam_krb5.so invocations.
−−krb5−ignore_unknown_principals
Add ignore_unknown_principals option to all pam_krb5.so invocations.
−−krb5−minimum_uid=value
Add minimum_uid=value option to pam_krb5.so.
−−ldap
Enable/Disable pam_ldap.so
−−ldap−debug
Add debug option to all pam_ldap.so invocations.
−−limits
Enable/Disable pam_limits.so
−−limits−debug
Add debug option to all pam_limits.so invocations.
−−limits−change_uid
Add change_uid option to all pam_limits.so invocations.
−−limits−utmp_early
Add utmp_early option to all pam_limits.so invocations.
−−limits−conf=value
Add conf=value option to pam_limits.so.
−−localuser
Enable/Disable pam_localuser.so
−−localuser−debug
Add debug option to all pam_localuser.so invocations.
−−localuser−file=value
Add file=value option to pam_localuser.so.
−−mkhomedir
Enable/Disable pam_mkhomedir.so
−−mkhomedir−debug
Add debug option to all pam_mkhomedir.so invocations.
−−mkhomedir−silent
Add silent option to all pam_mkhomedir.so invocations.
−−mkhomedir−umask=value
Add umask=value option to pam_mkhomedir.so.
−−mkhomedir−skel=value
Add skel=value option to pam_mkhomedir.so.
−−nam
Enable/Disable pam_nam.so
−−passwdqc
Enable/Disable pam_passwdqc.so
−−passwdqc−ask_oldauthtok
Add ask_oldauthtok option to all pam_passwdqc.so invocations.
−−passwdqc−check_oldauthtok
Add check_oldauthtok option to all pam_passwdqc.so invocations.
−−passwdqc−use_first_pass
Add use_first_pass option to all pam_passwdqc.so invocations.
−−passwdqc−use_authtok
Add use_authtok option to all pam_passwdqc.so invocations.
−−passwdqc−min=value
Add min=value option to pam_passwdqc.so.
−−passwdqc−max=value
Add max=value option to pam_passwdqc.so.
−−passwdqc−passphrase=value
Add passphrase=value option to pam_passwdqc.so.
−−passwdqc−match=value
Add match=value option to pam_passwdqc.so.
−−passwdqc−similar=value
Add similar=value option to pam_passwdqc.so.
−−passwdqc−random=value
Add random=value option to pam_passwdqc.so.
−−passwdqc−enforce=value
Add enforce=value option to pam_passwdqc.so.
−−passwdqc−retry=value
Add retry=value option to pam_passwdqc.so.
−−pkcs11
Enable/Disable pam_pkcs11.so
−−pkcs11−debug
Add debug option to all pam_pkcs11.so invocations.
−−pkcs11−configfile=value
Add configfile=value option to pam_pkcs11.so.
−−pwcheck
Enable/Disable pam_pwcheck.so module in password section.
−−pwcheck−debug
Add debug option to all pam_pwcheck.so invocations.
−−pwcheck−nullok
Add nullok option to all pam_pwcheck.so invocations.
−−pwcheck−cracklib
Add cracklib option to pam_pwcheck.so.
−−pwcheck−no_obscure_checks
Add no_obscure_checks option to pam_pwcheck.so.
−−pwcheck−enforce_for_root
Add enforce_for_root option to pam_pwcheck.so.
−−pwcheck−cracklib_path=path
Add cracklib_path=path to pam_pwcheck.so.
−−pwcheck−maxlen=N
Add maxlen=N to pam_pwcheck.so.
−−pwcheck−minlen=N
Add minlen=N to pam_pwcheck.so.
−−pwcheck−tries=N
Add tries=N to pam_pwcheck.so.
−−pwcheck−remember=N
Add remember=N to pam_pwcheck.so.
−−pwhistory
Enable/Disable pam_pwhistory.so
−−pwhistory−debug
Add debug option to all pam_pwhistory.so invocations.
−−pwhistory−use_authtok
Add use_authtok option to all pam_pwhistory.so invocations.
−−pwhistory−enforce_for_root
Add enforce_for_root option to all pam_pwhistory.so invocations.
−−pwhistory−remember=value
Add remember=value option to pam_pwhistory.so.
−−pwhistory−retry=value
Add retry=value option to pam_pwhistory.so.
−−pwhistory−authtok_type=value
Add authtok_type=value option to pam_pwhistory.so.
−−selinux
Enable/Disable pam_selinux.so
−−selinux−debug
Add debug option to all pam_selinux.so invocations.
−−ssh
Enable/Disable pam_ssh.so
−−ssh−debug
Add debug option to all pam_ssh.so invocations.
−−ssh−nullok
Add nullok option to all pam_ssh.so invocations.
−−ssh−try_first_pass
Add try_first_pass option to all pam_ssh.so invocations.
−−ssh−keyfiles=value
Add keyfiles=value option to pam_ssh.so.
−−sss
Enable/Disable pam_sss.so
−−sss−debug
Add debug option to all pam_sss.so invocations.
−−thinkfinger
Enable/Disable pam_thinkfinger.so
−−thinkfinger−debug
Add debug option to all pam_thinkfinger.so invocations.
−−umask
Add pam_umask.so as optional session module.
−−umask−debug
Add debug option to all pam_umask.so invocations in session management.
−−umask−silent
Add silent option to all pam_umask.so invocations in session management.
−−umask−usergroups
Add usergroups option to all pam_umask.so invocations in session management.
−−umask−umask=mode
Add umask=mode to pam_umask.so.
−−unix
Enable/Disable pam_unix.so
−−unix−debug
Add debug option to all pam_unix.so invocations.
−−unix−audit
Add audit option to all pam_unix.so invocations.
−−unix−nodelay
Add nodelay option to all pam_unix.so invocations.
−−unix−nullok
Add nullok option to all pam_unix.so invocations.
−−unix−shadow
Add shadow option to all pam_unix.so invocations.
−−unix−md5
Add md5 option to all pam_unix.so invocations.
−−unix−bigcrypt
Add bigcrypt option to all pam_unix.so invocations.
−−unix−not_set_pass
Add not_set_pass option to all pam_unix.so invocations.
−−unix−nis
Add nis option to all pam_unix.so invocations.
−−unix−broken_shadow
Add broken_shadow option to all pam_unix.so invocations.
−−unix−remember=value
Add remember=value option to pam_unix.so.
−−unix2
Use pam_unix2.so as standard UNIX PAM module.
−−unix2−nullok
Add nullok option to all pam_unix2.so invocations.
−−unix2−debug
Add debug option to all pam_unix2.so invocations.
−−unix2−trace
Add trace option to pam_unix2.so.
−−unix2−none
Add option none to pam_unix2.so.
−−unix2−call_modules=modules,...
Add call_modules=list of modules to pam_unix2.so.
−−unix2−nisdir=path
Add nisdir=path to pam_unix2.so.
−−winbind
Enable/Disable pam_winbind.so
−−winbind−debug
Add debug option to all pam_winbind.so invocations.
SINGLE SERVICE MODULES
These modules can only be added to single service files. See also the section called “USAGE EXAMPLES”.
−−ck_connector
Enable/Disable pam_ck_connector.so
−−ck_connector−debug
Add debug option to all pam_ck_connector.so invocations.
−−cryptpass
Enable/Disable pam_cryptpass.so
−−csync
Enable/Disable pam_csync.so
−−csync−use_first_pass
Add use_first_pass option to all pam_csync.so invocations.
−−csync−try_first_pass
Add try_first_pass option to all pam_csync.so invocations.
−−csync−soft_try_pass
Add soft_try_pass option to all pam_csync.so invocations.
−−csync−nullok
Add nullok option to all pam_csync.so invocations.
−−csync−debug
Add debug option to all pam_csync.so invocations.
−−csync−silent
Add silent option to all pam_csync.so invocations.
−−lastlog
Enable/Disable pam_lastlog.so
−−lastlog−debug
Add debug option to all pam_lastlog.so invocations.
−−lastlog−silent
Add silent option to all pam_lastlog.so invocations.
−−lastlog−never
Add never option to all pam_lastlog.so invocations.
−−lastlog−nodate
Add nodate option to all pam_lastlog.so invocations.
−−lastlog−nohost
Add nohost option to all pam_lastlog.so invocations.
−−lastlog−noterm
Add noterm option to all pam_lastlog.so invocations.
−−lastlog−nowtmp
Add nowtmp option to all pam_lastlog.so invocations.
−−lastlog−noupdate
Add noupdate option to all pam_lastlog.so invocations.
−−lastlog−showfailed
Add showfailed option to all pam_lastlog.so invocations.
−−loginuid
Enable/Disable pam_loginuid.so
−−loginuid−require_auditd
Add require_auditd option to all pam_loginuid.so invocations.
−−mount
Enable/Disable pam_mount.so
NOTES
The configuration for gobal service modules written by
pam−config is ignored by the system if the
common−{account,auth,password,session} symlinks
don´t point to the
common−{account,auth,password,session}−pc
files.
USAGE
EXAMPLES
pam−config −q
−−unix2
Query state of pam_unix2.so.
pam−config −a −−ldap
Enable ldap authentication.
pam−config −−service gdm −a −−mount
Enable pam_mount.so for service gdm.
pam−config −−debug −a −−force −−umask
Enable pam_umask.so whether installed or not, and print debug information during the process.
SEE ALSO
PAM(8),
pam_unix2(8), pam_pwcheck(8),
pam_mkhomedir(8), pam_limits(8),
pam_env(8), pam_xauth(8),
pam_make(8)
AUTHOR
pam−config was
written by Thorsten Kukuk
<kukuk@thkukuk.de>.
