PAM-AUTH-UPDATE

Section: Maintenance Commands (8)
Updated: 08/23/2008
Index Return to Main Contents
 

NAME

pam-auth-update - manage PAM configuration using packaged profiles  

SYNOPSIS

pam-auth-update [--package [--remove profile [profile...]]] [--force]  

DESCRIPTION

pam-auth-update is a utility that permits configuring the central authentication policy for the system using pre-defined profiles as supplied by PAM module packages. Profiles shipped in the /usr/share/pam-configs/ directory specify the modules, with options, to enable; the preferred ordering with respect to other profiles; and whether a profile should be enabled by default. Packages providing PAM modules register their profiles at install time by calling pam-auth-update --package. Selection of profiles is done using the standard debconf interface. The profile selection question will be asked at `medium' priority when packages are added or removed, so no user interaction is required by default. Users may invoke pam-auth-update directly to change their authentication configuration.

The script makes every effort to respect local changes to /etc/pam.d/common-*. Local modifications to the list of module options will be preserved, and additions of modules within the managed portion of the stack will cause pam-auth-update to treat the config files as locally modified and not make further changes to the config files unless given the --force option.

If the user specifies that pam-auth-update should override local configuration changes, the locally-modified files will be saved in /etc/pam.d/ with a suffix of .pam-old.  

OPTIONS

--package
Indicate that the caller is a package maintainer script; lowers the priority of debconf questions to `medium' so that the user is not prompted by default.
--remove profile [profile...]
Remove the specified profiles from the system configuration. pam-auth-update --remove should be used to remove profiles from the configuration before the modules they reference are removed from disk, to ensure that PAM is in a consistent and usable state at all times during package upgrades or removals.
--force
Overwrite the current PAM configuration, without prompting. This option must not be used by package maintainer scripts; it is intended for use by administrators only.
 

FILES

/etc/pam.d/common-*

Global configuration of PAM, affecting all installed services.

/usr/share/pam-configs/

Package-supplied authentication profiles.
 

AUTHOR

Steve Langasek <steve.langasek@canonical.com>  

COPYRIGHT

Copyright (C) 2008 Canonical Ltd.  

SEE ALSO

PAM(7), pam.d(5), debconf(7)


 

Index

NAME
SYNOPSIS
DESCRIPTION
OPTIONS
FILES
AUTHOR
COPYRIGHT
SEE ALSO

This document was created by man2html, using the manual pages.
Time: 19:49:31 GMT, April 27, 2011