FreeBSD Manual Pages

CHECKPASSWORD-PAM(8)		Authentication		  CHECKPASSWORD-PAM(8)

NAME
       checkpassword-pam - PAM-based checkpassword compatible authentication

SYNOPSIS
       checkpassword-pam [-s PAM-SERVICE] [-e|--noenv] -- prog args...

       checkpassword-pam --help

       checkpassword-pam --version

       Additional debugging options (see below):
		   [--debug] [--stdout]

       Additional rarely used options (see below):
		   [-H|--no-chdir-home]

DESCRIPTION
       checkpassword-pam uses PAM to authenticate the remote user via the
       checkpassword protocol.

       checkpassword-style programs are usually run by network server programs
       that wish to authenticate a remote user.

       checkpassword-pam uses the PAM service name specified by the PAM_SERVICE
       environment variable, or by the -s or --service command-line option.

       After successful authentication, if the --noenv option is not specified,
       checkpassword-pam sets up the supplementary groups of the authenticated
       user, its gid, its uid, and its working directory (those values are
       taken from the system user database).

       Normally, checkpassword-pam switches to the user's home directory. If
       the --no-chdir-home or -H option is specified, this step is skipped.
       This option is useful when you have automounted home directories, but
       mail is delivered to a central location.

       Finally, checkpassword-pam executes prog with args as its arguments.

       -- is used as usual to separate checkpassword-pam's own options from
       prog's options.

       checkpassword-pam logs authentication failures (or all actions, if the
       --debug option is used) to syslog (or to stdout, if the --stdout option
       is used).

ENVIRONMENT VARIABLES
       PAM_SERVICE
              checkpassword-pam uses the contents of the PAM_SERVICE
              environment variable to specify the PAM service name. This can
              be overridden by the -s option, see above.

       Before invoking prog, checkpassword-pam sets the environment variables
       USER, HOME, and SHELL to appropriate values. If the --noenv option is
       specified, this step is skipped and the variables are left alone. This
       is needed when you have virtual users which are not listed in your
       /etc/passwd, and you only need to do authentication. Setting up the
       process environment is then handled by some other application, such as
       setuidgid.

DEBUGGING
       You can turn on debugging using the --debug option. checkpassword-pam
       then logs all of its actions and the results of those actions to
       syslog (or to stdout, depending on the --stdout option, see above).

       There is a way to manually trace how checkpassword-pam authenticates:
       use shell redirection and the --stdout option. In this case
       checkpassword-pam reads checkpassword protocol data from stdin, and
       logs actions to stdout. You can trace the authentication for a given
       user and password with the following command line (usually as root):

       # echo -e "username\0password\0timestamp\0" \
         | checkpassword-pam -s SERVICE \
           --debug --stdout -- /usr/bin/id 3<&0

       It will trace the PAM authentication process for the user username with
       password password, and run the id program, which will report the user
       and groups checkpassword-pam switched to.

       The idea of this method is courtesy of Mark Delany <markd-at-mira.net>.
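
       The trace above as an added example (not part of the checkpassword-pam
       distribution): a Python harness that frames the record and hands it to
       a checker through the same 3<&0 redirection, reading the password with
       getpass so it never appears in a command line or shell history. The
       512-byte limit and exit codes 1, 2 and 111 are taken from the
       checkpassword interface description at cr.yp.to, not from this page;
       build_record and run_checker are hypothetical names.

```python
"""Added example: drive a checkpassword-compatible program without putting
the password on a command line. Not part of checkpassword-pam."""
import subprocess
import time

MAX_RECORD = 512  # limit from the checkpassword interface description
# Exit codes defined by the checkpassword interface. On success the checker
# execs prog, so any other status (including 0) is prog's own.
FAILURES = {1: "password unacceptable", 2: "misused", 111: "temporary problem"}


def build_record(user: str, password: str, timestamp: str = "") -> bytes:
    """Frame username\\0password\\0timestamp\\0 as read from descriptor 3."""
    fields = [f.encode() for f in (user, password, timestamp)]
    for name, value in zip(("user", "password", "timestamp"), fields):
        if b"\0" in value:
            # An embedded NUL would shift the field boundaries.
            raise ValueError(f"{name} contains a NUL byte")
    record = b"".join(f + b"\0" for f in fields)
    if len(record) > MAX_RECORD:
        raise ValueError(f"record is {len(record)} bytes, limit {MAX_RECORD}")
    return record


def run_checker(checker_argv, user, password, timestamp=None):
    """Run checker_argv with the record on fd 3; return (status, meaning, stdout)."""
    if timestamp is None:
        timestamp = str(int(time.time()))
    record = build_record(user, password, timestamp)
    # Same plumbing as the man page's "3<&0": the record arrives on stdin
    # and sh duplicates stdin onto descriptor 3 before exec'ing the checker.
    proc = subprocess.run(
        ["/bin/sh", "-c", 'exec "$@" 3<&0', "sh", *checker_argv],
        input=record, stdout=subprocess.PIPE, check=False)
    meaning = FAILURES.get(proc.returncode, "prog exit status")
    return proc.returncode, meaning, proc.stdout


if __name__ == "__main__":
    import getpass
    # SERVICE is the man page's placeholder; substitute your PAM service name.
    argv = ["checkpassword-pam", "-s", "SERVICE", "--debug", "--stdout",
            "--", "/usr/bin/id"]
    status, meaning, out = run_checker(argv, input("user: "), getpass.getpass())
    print(out.decode(errors="replace"), f"exit {status}: {meaning}", sep="\n")
```

       A status of 1, 2 or 111 can also come from prog itself after a
       successful login, so read it together with the --debug trace.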

BUGS
       If you've found a bug in checkpasswd-pam, please report it to
       checkpasswd-pam-devel@lists.sourceforge.net

SEE ALSO
       http://checkpasswd-pam.sourceforge.net/

       http://cr.yp.to/checkpwd.html

       "PAM Administrator's Guide" for your operating system.

LEGACY
       There are alternate older checkpassword-pam packages available. They
       are derived from DJB's original checkpassword code, and usually are
       less administrator-friendly than this version. You can tell those
       packages apart by looking at their version number: it is less than
       0.95.

AUTHOR
       This version of checkpassword-pam was written from scratch by Alexey
       Mahotkin <alexm@hsys.msk.ru>

       The checkpassword interface was designed by Daniel J. Bernstein.

GNU/Linux			  22 Sep 2004		  CHECKPASSWORD-PAM(8)
