Filewatcher File Search File Search
Content Search
» » » » » libpam-pgsql_0.5.2-9+b1_i386.deb » Content »
pkg://libpam-pgsql_0.5.2-9+b1_i386.deb:15812/usr/share/doc/libpam-pgsql/  info  control  downloads

libpam-pgsql - PAM module to authenticate using a PostgreSQL database…  more info»


pam_pgsql 0.5


This module provides support to authenticate against PostgreSQL
tables for PAM-enabled appliations.

This module is based in part on the FreeBSD pam_unix module, and
the Debian pam_mysql module, but was written from scratch using
the two as a reference.

There is another pam_pgsql module, but the sources appear to have
vanished, hence this module.

Changes since last release

See the file debian/changelog.

Compilation & Installation

pam_pgsql is now autoconf'ed, thus, compiling should be a matter

    $ ./configure
    $ make
    $ make install

Compilation has been tested on Debian GNU/Linux and FreeBSD 4.0/5.0

On Debian, you will need the libpam0g-dev, postgresql-dev and libmhash-dev
packages to compile.

On FreeBSD you will have to install the postgresql/postgresql7 port, and
the security/mhash port.

See test.c for an example application that authenticates using
this module.


For the service you wish the module to be used, you need
to edit the /etc/pam.d/<service> file or /etc/pam.conf, and 
add the relevant lines.

For example:

auth        required 
account     required
password    required

Configure the database, and table the module should use with
the configuration file /etc/pam_pgsql.conf. An example of
this file:

database = sysdb
user = ljb
table = account
user_column = user_name
pwd_column = user_password
expired_column = acc_expired
newtok_column = acc_new_pwreq

Note that for backwards compatibility with earlier versions, options specified
in the configuration file can be supplied as module arguments as well. Module
arguments will override the configuration file.

Configuration Options

    database            - the database which should be connected to
    table               - the table containing the authentication data
    host		- the host database server is running on (leave empty for socket)
    port		- the port database server is running on (leave empty for socket)
    user                - the username used when connecting to PostgreSQL
    password            - the password for the user specified
    user_column         - the column containing usernames
    pwd_column          - the column containing the passwords
    expired_column      - this column should contain '1' or 'y' if the account
                          has expired, bool type is OK
    newtok_column       - this column should contain '1' or 'y' if the user
                          needs to change their password, bool type is OK
    debug               - this is a standard module option that will enable
                          debug output to syslog (takes no values)
    pw_type             - specifies the password encryption scheme, can be one
                          of 'clear', 'md5', 'crypt', or 'crypt_md5'. the
                          difference between 'md5' and 'crypt_md5' is that
                          'md5' uses libmhash for hashing while 'crypt_md5'
                          uses crypt() with a special salt to select md5
                          hashing instead of DES. if one of 'crypt' or
                          'crypt_md5' is specified, passwords always are
                          encrypted in the respective format. however,
                          passwords in both formats may be stored in the
                          database, just as with /etc/(passwd|shadow).
                          defaults to 'clear'.
    config_file         - alternative location of configuration file - it should be
			  specified as module argument.
    timeout		- if specified pam-pgsql will wait for timeout
			  seconds before giving up on db connection

There are also additional flags you can use:
    use_authtok		- require authtok from previous entry in PAM stack
			  (useful for "password   required use_authok")
			  after "password required ..."
    try_authtok		- same as previous, but doesn't fail if previous
			  module failed to provide us with password
    use_oldauthtok	- require oldauthtoken to be entere in previous PAM
			  stack call (not really useful)
    try_oldauthtok	- use oldauthtoken from previous PAM stack call (not
			  really useful)
    use_first_pas	- use_authok AND use_oldauthok (provided for not
			  breaking old configurations - deprecated)
    try_first_pass	- try_authok AND try_oldauthok (provided for not
			  breaking old configurations - deprecated)
    echo_pass 		- displays password while being typed
Results 1 - 1 of 1
Help - FTP Sites List - Software Dir.
Search over 15 billion files
© 1997-2017