valdepeace / libpam-pwdfile Goto Github PK
View Code? Open in Web Editor NEWThis project forked from prapdm/libpam-pwdfile
PAM module allowing authentication via an /etc/passwd-like file
This project forked from prapdm/libpam-pwdfile
PAM module allowing authentication via an /etc/passwd-like file
This pam module provides the authentication service using an own set of user/password pairs. CONFIGURATION ============= simple PAM config ----------------- Just add/change the config file for service to contain the line: auth required pam_pwdfile.so pwdfile=/path/to/passwd_file If your service does more with PAM than auth there will be a fallback to the service "other". If that is not what you want, you can use pam_permit.so or pam_deny.so for that: account required pam_permit.so session required pam_permit.so password required pam_deny.so options ------- * pwdfile=<file> * debug: produce a bit of debug output * nodelay: don't tell the PAM stack to cause a delay on auth failure * flock: use a shared (read) advisory lock on pwdfile, you should better move new versions into place instead * legacy_crypt: see section LEGACY CRYPT PASSWORD FILE ============= The password file basically looks like passwd(5): one line for each user with two or more colon-separated fields. First field contains the username, the second the crypt()ed password. Other fields are optional. crypt()ed passwords in various formats can be generated with mkpasswd from the whois package. LEGACY CRYPT ============ There are two crypt types that are disabled by default: bigcrypt and broken md5_crypt. They are disabled because they use static buffers which is bad when doing PAM authentication using this module in a multithreaded server. All the other crypt types are checked via the systems crypt_r function if available, else with the normal crypt function and the same static-buffer-problem. bigcrypt was used on DEC systems to allow for longer passwords. You can check if your passwd file contains any of these with `cut -d: -f2 passwd-file | egrep '^[^$].{13}'`. Broken md5_crypt is a speciality of big-endian systems. An early implementation of md5_crypt got the byte order wrong here and produced different crypt outputs. You might have some of these crypt hashes in your passwd file only if you created them on a big-endian system. If an md5_crypt hash also worked on a little-endian system (up to and including libpam-pwdfile 0.99) it isn't broken md5_crypt.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.