Setting up a pam_userdb.so based authentication


The pam_userdb.so authentication module uses a Berkeley format DB to hold passwords associated with user names.

To create this DB, you need to install the libdb3-util package, which includes the necessary tools.

/!\ Please bear in mind that the passwords in this file are *not* encrypted. Anybody with read access to the DB will be able to dump the passwords.

Here is how you can set up the pam_userdb.so based authentication:

  1. Create a text file with the username and password pairs. The file lists each username on its own line, with the associated password on the line that follows it. For example:
    user_1
    password_of_user_1
    user_2
    password_of_user_2
    ...
  2. Convert this text file to a Berkeley DB:
    db3_load -T -f users_and_passwords_text_file.txt -t hash userpass.db
    This will create a Berkeley DB called "userpass.db" which we can use for PAM authentication.
  3. Make sure that only root can read and change this file:
    chown root:root userpass.db
    chmod 0600 userpass.db
  4. Add the call to the PAM module in the appropriate file in /etc/pam.d/:

    auth   required    pam_userdb.so    db=/full/path/to/userpass
    Please note that the ".db" extension is omitted in the parameter given to the PAM module.
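
An added example, not part of the original page or of the PAM or Berkeley DB tooling: a lint for the text file from step 1, run before the conversion in step 2. The function name check_userpass_input and the sample file are assumptions made for illustration. It rejects a source file that group or other can access (it holds the same clear-text passwords as the DB), and catches format slips in the alternating username/password layout.

```shell
#!/bin/sh
# Added example: lint the username/password text file before it is loaded.
# check_userpass_input is a hypothetical helper, not a PAM or Berkeley DB tool.
check_userpass_input() {
    f=$1
    [ -f "$f" ] || { echo "$f: not a regular file" >&2; return 2; }

    # Step 3 applies 0600 to the DB; the plaintext source needs the same care.
    # Characters 5-10 of the `ls -l` mode string are the group/other bits.
    perms=$(ls -ld -- "$f" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "$f: accessible by group or other, expected mode 0600" >&2
        return 3
    fi

    # Odd lines are usernames (keys), even lines are passwords (values).
    # Messages report line numbers only, never the password text.
    awk '
        /\r$/ { printf "line %d: CR at end of line\n", NR; bad = 1 }
        NR % 2 == 1 {
            if ($0 == "")   { printf "line %d: empty username\n", NR; bad = 1 }
            if ($0 in seen) { printf "line %d: duplicate username\n", NR; bad = 1 }
            seen[$0] = 1
        }
        NR % 2 == 0 && $0 == "" { printf "line %d: empty password\n", NR; bad = 1 }
        END {
            if (NR % 2) { print "odd line count: last username has no password"; bad = 1 }
            exit bad
        }
    ' "$f" >&2
}

# Constructed sample input (the example pairs from step 1), in a private temp dir.
tmp=$(mktemp -d)
(umask 077
 printf 'user_1\npassword_of_user_1\nuser_2\npassword_of_user_2\n' > "$tmp/users.txt")
check_userpass_input "$tmp/users.txt" && echo "input OK"
rm -rf "$tmp"
```

The function returns 0 for a clean file, 1 for a format problem, 2 if the path is not a regular file and 3 if the permissions are too open.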

Setting_up_PAM_userdb (last edited 2008-01-11 20:38:03 by localhost)