Single ldap account, different passwords? Post: 302886577

2 More Discussions You Might Find Interesting

1. AIX

How do I enable 16MB pages for an account that uses LDAP?

With an account that uses "Login AUTHENTICATION GRAMMAR" = "LDAP", I get this when trying to enable 16 MB page support: -bash-3.00# chuser capabilities=CAP_BYPASS_RAC_VMM,CAP_PROPAGATE trbld Error changing "capabilities" to "CAP_BYPASS_RAC_VMM,CAP_PROPAGATE" : Value is invalid. I also tried...

2. UNIX for Dummies Questions & Answers

One account with multiple passwords

Hi I am currently using saslauthd to authenticate users onto an imap server (cyrus). I need to have it so that a user can logon to an account with multiple passwords (even just two would work). Is this at all possible within linux? Right now I am using the shadow file for authentication with...

LEARN ABOUT REDHAT

passwd

PASSWD(5)							   File formats 							 PASSWD(5)

NAME

       passwd - password file

DESCRIPTION

       Passwd  is  a text file, that contains a list of the system's accounts, giving for each account some useful information like user ID, group
       ID, home directory, shell, etc.	Often, it also contains the encrypted passwords for each account.  It should have general read	permission
       (many utilities, like ls(1) use it to map user IDs to user names), but write access only for the superuser.

       In  the	good old days there was no great problem with this general read permission.  Everybody could read the encrypted passwords, but the
       hardware was too slow to crack a well-chosen password, and moreover, the basic assumption used to be that  of  a  friendly  user-community.
       These  days  many  people  run some version of the shadow password suite, where /etc/passwd has *'s instead of encrypted passwords, and the
       encrypted passwords are in /etc/shadow which is readable by the superuser only.

       Regardless of whether shadow passwords are used, many sysadmins use a star in the encrypted password field to make sure that this user  can
       not authenticate him- or herself using a password. (But see the Notes below.)

       If you create a new login, first put a star in the password field, then use passwd(1) to set it.

       There is one entry per line, and each line has the format:

	      account:password:UID:GID:GECOS:directory:shell

       The field descriptions are:

	      account	the name of the user on the system.  It should not contain capital letters.

	      password	the encrypted user password or a star.

	      UID	the numerical user ID.

	      GID	the numerical primary group ID for this user.

	      GECOS	This  field  is  optional and only used for informational purposes.  Usually, it contains the full user name.  GECOS means
			General Electric Comprehensive Operating System, which has been renamed to GCOS when GE's large systems division was  sold
			to Honeywell.  Dennis Ritchie has reported: "Sometimes we sent printer output or batch jobs to the GCOS machine.  The gcos
			field in the password file was a place to stash the information for the $IDENTcard.  Not elegant."

	      directory the user's $HOME directory.

	      shell	the program to run at login (if empty, use /bin/sh).  If set to a non-existing executable, the	user  will  be	unable	to
			login through login(1).

NOTE

       If you want to create user groups, their GIDs must be equal and there must be an entry in /etc/group, or no group will exist.

       If  the	encrypted  password  is  set  to a star, the user will be unable to login using login(1), but may still login using rlogin(1), run
       existing processes and initiate new ones through rsh(1), cron(1), at(1), or mail filters, etc.  Trying to lock an account by simply  chang-
       ing the shell field yields the same result and additionally allows the use of su(1).

FILES

       /etc/passwd

SEE ALSO

       passwd(1), login(1), su(1), group(5), shadow(5)

								    1998-01-05								 PASSWD(5)