Welcome to Linux Knowledge Base and Tutorial
"The place where you learn linux"

 Create an AccountHome | Submit News | Your Account  

Tutorial Menu
Linux Tutorial Home
Table of Contents

· Introduction to Operating Systems
· Linux Basics
· Working with the System
· Shells and Utilities
· Editing Files
· Basic Administration
· The Operating System
· The X Windowing System
· The Computer Itself
· Networking
· System Monitoring
· Solving Problems
· Security
· Installing and Upgrading
· Linux and Windows

Man Pages
Linux Topics
Test Your Knowledge

Site Menu
Site Map
Copyright Info
Terms of Use
Privacy Info
Masthead / Impressum
Your Account

Private Messages

News Archive
Submit News
User Articles
Web Links


The Web

Who's Online
There are currently, 112 guest(s) and 0 member(s) that are online.

You are an Anonymous user. You can register for free by clicking here




       The pam_unix2  PAM  module  is  for  traditional  password
       authentication.  It uses standard calls from the glibc NSS
       libraries to retrieve and set account information as  well
       as  authentication.  Usually this is obtained from the the
       local files /etc/passwd and /etc/shadow, from a  NIS  map,
       from   the  NIS+  passwd.org_dir  table  or  from  a  LDAP

       The options can be added in the  PAM  configuration  files
       for   every   single   service  or  global  in  /etc/secu­


       The following options may be passed to all types  of  man­
       agement groups except session:

       debug  A  lot  of debug informations are printed with sys­

       nullok Normally the account is disabled if no password  is
              set  or if the length of the password is zero. With
              this option the user is allowed to change the pass­
              word  for such accounts. This option does not over­
              write a hardcoded default by the calling process.

              If this option is given, pam_unix2  will  not  make
              the new password available for other modules.

              The  default  is,  that  pam_unix2 tries to get the
              authentication token from a previous module.  If no
              token  is  available, the user is asked for the old
              password.  With this option, pam_unix2 aborts  with
              an error if no authentication token from a previous
              module is available.

              With this list  of  PAM  modules  names,  pam_unix2
              tries to load every module and check, if this knows
              about the user.  This is  important,  if  you  have
              some  users  in a LDAP database and wishes to fall­
              back to traditional password authentication for the
              other   accounts.   For  example  call_modules=win­
              bind,ldap will try  to  authenticate  the  user  at
              first  against  a running winbindd(8).  If the win­
              bind daemon does not know the user, an  authentica­
              tion  with  pam_ldap  is tried. If the user is also
              not known to the LDAP  database,  an  authentiation
              against the normal password database is done.

              This  options  specifies a path to the source files
              for NIS maps on a NIS master server. If this option
              is given, the passwords of NIS accounts will not be
              changed with yppasswd(1), instead the local  passwd
              and  shadow files below <path> will be modified. In
              conjunction   with   rpasswdd(8)    and    pam_make
              rpc.yppasswdd(8) can be replaced with a more secure
              solution on the NIS master server.

              Set the new password to the  one  provided  by  the
              previously  stacked password module. If this option
              is not set, pam_unix2 would ask the  user  for  the
              new password.

       md5    In  the  case of conventional unix databases (which
              store the password encrypted) the md5  argument  is
              used  to do the encryption with the MD5 function as
              opposed to the conventional crypt(3) call.

              As an alternative to md5, the bigcrypt argument can
              be used to encrypt more than the first 8 characters
              of a password with DEC's (Digital Equipment Cooper­
              ation)  `C2' extension to the standard UNIX crypt()

              This is a new password encryption  method  used  by
              OpenBSD and the Openwall Linux distribution.

       One  of the following options may be passed to the session
       rules of this modules:

       debug  Some messages (login time, logout time) are  logged
              to syslog with priority LOG_DEBUG.

       trace  Some  messages (login time, logout time) are logged
              to syslog with priority LOG_NOTICE.

       none   No messages are logged. This is the default.

       The acct management  does  not  recognize  any  additional
       options.  For root, password and login expire are ignored,
       only on aging warning is printed. If no shadow information
       exists, it always returns success.



Looking for a "printer friendly" version?



Security Code
Security Code
Type Security Code

Don't have an account yet? You can create one. As a registered user you have some advantages like theme manager, comments configuration and post comments with your name.

Help if you can!

Amazon Wish List

Did You Know?
You can help in many different ways.


Tell a Friend About Us

Bookmark and Share

Web site powered by PHP-Nuke

Is this information useful? At the very least you can help by spreading the word to your favorite newsgroups, mailing lists and forums.
All logos and trademarks in this site are property of their respective owner. The comments are property of their posters. Articles are the property of their respective owners. Unless otherwise stated in the body of the article, article content (C) 1994-2013 by James Mohr. All rights reserved. The stylized page/paper, as well as the terms "The Linux Tutorial", "The Linux Server Tutorial", "The Linux Knowledge Base and Tutorial" and "The place where you learn Linux" are service marks of James Mohr. All rights reserved.
The Linux Knowledge Base and Tutorial may contain links to sites on the Internet, which are owned and operated by third parties. The Linux Tutorial is not responsible for the content of any such third-party site. By viewing/utilizing this web site, you have agreed to our disclaimer, terms of use and privacy policy. Use of automated download software ("harvesters") such as wget, httrack, etc. causes the site to quickly exceed its bandwidth limitation and are therefore expressly prohibited. For more details on this, take a look here

PHP-Nuke Copyright © 2004 by Francisco Burzi. This is free software, and you may redistribute it under the GPL. PHP-Nuke comes with absolutely no warranty, for details, see the license.
Page Generation: 0.11 Seconds