Login or Register to Ask a Question and Join Our Community

Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

pam_unix2(8) [suse man page]

pam_unix2(8)							 Reference Manual						      pam_unix2(8)

NAME

       pam_unix2 - Standard PAM module for traditional password authentication

DESCRIPTION

       The  pam_unix2  PAM  module is for traditional password authentication. It uses standard calls from the glibc NSS libraries to retrieve and
       set account information as well as authentication. Usually this is obtained from the the local files /etc/passwd and /etc/shadow or  from a
       NIS map.

       The  options  can be added in the PAM configuration files for every single service.  /etc/default/passwd defines, which password encryption
       algorithm should be used in case of a password change.

OPTIONS

       The following options may be passed to all types of management groups except session:

       debug  A lot of debug informations are printed with syslog(3).

       nullok Normally the account is disabled if no password is set or if the length of the password is  zero.  With  this  option  the  user	is
	      allowed to change the password for such accounts. This option does not overwrite a hardcoded default by the calling process.

       use_first_pass
	      The  default is, that pam_unix2 tries to get the authentication token from a previous module.  If no token is available, the user is
	      asked for the old password.  With this option, pam_unix2 aborts with an error if no authentication token from a previous	module	is
	      available.

       The following additional options may be passed to the passwd rules of this modules:

       nisdir=<path>
	      This options specifies a path to the source files for NIS maps on a NIS master server. If this option is given, the passwords of NIS
	      accounts will not be changed with yppasswd(1), instead the local passwd and shadow files below <path> will be modified. In  conjunc-
	      tion with rpasswdd(8) and pam_make rpc.yppasswdd(8) can be replaced with a more secure solution on the NIS master server.

       use_authtok
	      Set  the	new password to the one provided by the previously stacked password module. If this option is not set, pam_unix2 would ask
	      the user for the new password.

       One of the following options may be passed to the session rules of this modules:

       debug  Some messages (login time, logout time) are logged to syslog with priority LOG_DEBUG.

       trace  Some messages (login time, logout time) are logged to syslog with priority LOG_NOTICE.

       none   No messages are logged. This is the default.

       The acct management does not recognize any additional options. For root, password and login expire are ignored, only on	aging  warning	is
       printed. If no shadow information exists, it always returns success.

FILES

       /etc/default/passwd

SEE ALSO

       login(1), passwd(1), pam.conf(8), pam.d(8), pam_pwcheck(8), pam(8), rpasswd(1), rpasswdd(8), rpc.yppasswdd(8), yppasswd(1)

pam_unix2							    August 2006 						      pam_unix2(8)

Check Out this Related Man Page

yppasswd(1)							   User Commands						       yppasswd(1)

NAME

       yppasswd - change your network password in the NIS database

SYNOPSIS

       yppasswd [username]

DESCRIPTION

       The  yppasswd utility changes the network password  associated with the user username in the Network Information Service (NIS) database. If
       the user has done a keylogin(1), and a publickey/secretkey pair exists for the user in the NIS  publickey.byname  map,  yppasswd  also  re-
       encrypts the secretkey with the new password. The NIS password may be different from the local one on your own machine.

       yppasswd  prompts  for  the old	NIS password, and then for the new one. You must type in the old password correctly for the change to take
       effect. The new password must be typed twice, to forestall mistakes.

       New passwords must be at least four characters long, if they use a sufficiently rich alphabet, and at least six characters  long  if  mono-
       case. These rules are relaxed if you are insistent enough. Only the owner of the name or the super-user may change a password; superuser on
       the root master will not be prompted for the old password, and does not need to follow password construction requirements.

       The NIS password daemon, rpc.yppasswdd must be running on your NIS server in order for the new password to take effect.

ATTRIBUTES

       See attributes(5) for descriptions of the following attributes:

       +-----------------------------+-----------------------------+
       |      ATTRIBUTE TYPE	     |	    ATTRIBUTE VALUE	   |
       +-----------------------------+-----------------------------+
       |Availability		     |SUNWnisu			   |
       +-----------------------------+-----------------------------+

SEE ALSO

       keylogin(1), login(1), nis+(1), nispasswd(1), passwd(1), getpwnam(3C), getspnam(3C), secure_rpc(3NSL), nsswitch.conf(4), attributes(5)

WARNINGS

       Even after the user has successfully changed his or her password using this command, the subsequent login(1) using the new password will be
       successful only if the user's password and shadow information is obtained from NIS. See getpwnam(3C), getspnam(3C), and nsswitch.conf(4).

NOTES

       The use of yppasswd is discouraged, as it is now only a wrapper around the passwd(1) command, which should be used instead. Using passwd(1)
       with the -r nis option (see nis+(1)) will achieve the same results, and will be consistent across all the different  name  services  avail-
       able.

BUGS

       The  update protocol passes all the information to the server in one RPC call, without ever looking at it. Thus, if you type your old pass-
       word incorrectly, you will not be notified until after you have entered your new password.

SunOS 5.10							    28 Nov 2001 						       yppasswd(1)
Man Page