pam_ldap - PAM module for LDAP-based authentication
This is a PAM module that uses an LDAP server to verify user
access rights and credentials.
- use_first_pass
- Specifies that the PAM module should use the first password provided in
the authentication stack and not prompt the user for a password.
- try_first_pass
- Specifies that the PAM module should use the first password provided in
the authentication stack and if that fails prompt the user for a
password.
- nullok
- Specifying this option allows users to log in with a blank password.
Normally logins without a password are denied.
- ignore_unknown_user
- Specifies that the PAM module should return PAM_IGNORE for users that are
not present in the LDAP directory. This causes the PAM framework to ignore
this module.
- ignore_authinfo_unavail
- Specifies that the PAM module should return PAM_IGNORE if it cannot
contact the LDAP server. This causes the PAM framework to ignore this
module.
- no_warn
- Specifies that warning messages should not be propagated to the PAM
application.
- use_authtok
- This causes the PAM module to use the previously provided password when
changing the password. The module will not prompt the user for a new
password (it is analogous to use_first_pass).
- debug
- This option causes the PAM module to log debugging information to
syslog(3).
- minimum_uid=UID
- This option causes the PAM module to ignore the user if the user id is
lower than the specified value. This can be used to bypass LDAP checks for
system users (e.g. by setting it to 1000).
All services are provided by this module, but session changes are
currently not implemented in the nslcd daemon.
- /etc/pam.conf
- the main PAM configuration file
- /etc/nslcd.conf
- The configuration file for the nslcd daemon (see
nslcd.conf(5))
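An added example, not part of the original manual or of the nss-pam-ldapd project: a small audit script that reads PAM configuration lines and reports the pam_ldap options described above that relax or skip checks. It assumes the /etc/pam.conf line layout (service, type, control, module, arguments) and the module file name pam_ldap.so; the sample configuration is constructed.

```python
import re

# Notes paraphrase the option descriptions on this manual page.
NOTES = {
    "nullok": "logins with a blank password are allowed",
    "ignore_unknown_user": "PAM_IGNORE is returned for users not in LDAP",
    "ignore_authinfo_unavail": "PAM_IGNORE is returned if LDAP is unreachable",
    "no_warn": "warning messages are not propagated to the application",
    "debug": "debugging information is logged to syslog",
}

# Assumed layout (/etc/pam.conf style): service type control module [args]
LINE = re.compile(
    r"^(?P<service>\S+)\s+(?P<type>\S+)\s+"
    r"(?P<control>\[[^\]]*\]|\S+)\s+(?P<module>\S+)(?P<args>.*)$")

# Constructed sample input, not taken from a real system.
SAMPLE = """\
# service type control module arguments
sshd auth     sufficient pam_unix.so
sshd auth     required   pam_ldap.so use_first_pass nullok minimum_uid=1000
sshd account  [success=ok default=ignore] pam_ldap.so ignore_authinfo_unavail
sshd password required   pam_ldap.so use_authtok minimum_uid=1000 debug
"""

def audit(text):
    """Return (line_no, service, type, option, note) for each finding."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments
        m = LINE.match(line)
        if not m or not m["module"].endswith("pam_ldap.so"):
            continue                             # only pam_ldap lines
        args = m["args"].split()
        for arg in args:
            if arg in NOTES:
                findings.append((no, m["service"], m["type"], arg, NOTES[arg]))
        if not any(a.startswith("minimum_uid=") for a in args):
            findings.append((no, m["service"], m["type"], "minimum_uid",
                             "not set: low-uid (system) users are not skipped"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("line %d: %s/%s %s: %s" % finding)
```

Each finding is a prompt to review the line against the surrounding stack, since the effect of PAM_IGNORE depends on which other modules decide the result.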
This manual was written by Arthur de Jong
<arthur@arthurdejong.org>.