summaryrefslogtreecommitdiff
path: root/modules/pam_stress/README
blob: e64bf2d3ca6a9f73ec6cdb43644ee3fc7cba0d1c (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
#
# This describes the behavior of this module with respect to the
# /etc/pam.conf file.
#
# writen by Andrew Morgan <morgan@parc.power.net>
#

This module recognizes the following arguments.

debug		put lots of information in syslog.
		*NOTE* this option writes passwords to syslog, so
		don't use anything sensitive when testing.

no_warn		don't give warnings about things (otherwise warnings are issued
		via the conversation function)

use_first_pass	don't prompt for a password, for pam_sm_authentication
		function just use item PAM_AUTHTOK.

try_first_pass	don't prompt for a password unless there has been no
		previous authentication token (item PAM_AUTHTOK is NULL)

rootok		This is intended for the pam_sm_chauthtok function and
		it instructs this function to permit root to change
		the user's password without entering the old password.

The following arguments are acted on by the module. They are intended
to make the module give the impression of failing as a fully
functioning module might.

expired 	an argument intended for the account and chauthtok module
		parts. It instructs the module to act as if the user's
		password has expired

fail_1		this instructs the module to make its first function fail.

fail_2		this instructs the module to make its second function (if there
		is one) fail.

		The function break up is indicated in the Module
		Developers' Guide. Listed here it is:

		service		function 1		function 2
		-------		----------		----------
		auth		pam_sm_authenticate	pam_sm_setcred
		password	pam_sm_chauthtok
		session		pam_sm_open_session	pam_sm_close_session
		account		pam_sm_acct_mgmt

prelim		for pam_sm_chauthtok, means fail on PAM_PRELIM_CHECK.

required	for pam_sm_chauthtok, means fail if the user hasn't already
		been authenticated by this module. (See stress_new_pwd data
		item below.)

#
# data strings that this module uses are the following:
#

data name		value(s)	Comments
---------		--------	--------
stress_new_pwd		yes		tells pam_sm_chauthtok that
					pam_sm_acct_mgmt says we need a new
					password