conserver/conserver.cf/conserver.passwd.man

95 lines
2.6 KiB
Groff
Raw Normal View History

2004-01-18 17:31:24 +00:00
.\" $Id: conserver.passwd.man,v 1.10 2004/01/08 16:12:33 bryan Exp $
.TH CONSERVER.PASSWD 5 "2004/01/08" "conserver-8.1.0" "conserver"
2001-07-27 00:05:04 +00:00
.SH NAME
2003-09-22 20:49:53 +00:00
conserver.passwd \- user access information for
.BR conserver (8)
2001-07-27 00:05:04 +00:00
.SH SYNOPSIS
2003-09-22 20:49:53 +00:00
.IB username : password
2001-07-27 00:05:04 +00:00
.SH DESCRIPTION
2003-09-22 20:49:53 +00:00
The
.B conserver.passwd
file is the user authentication and authorization file for
2001-07-27 00:05:04 +00:00
.BR conserver (8).
Upon each incoming client connection,
2003-09-22 20:49:53 +00:00
.B conserver
opens and reads the
.B conserver.passwd
file, so edits to the file take effect immediately.
It reads only until the first
.I username
match.
2001-07-27 00:05:04 +00:00
.PP
2001-08-05 04:11:57 +00:00
Blank lines and comment lines (those beginning with a ``#'' and
2003-09-22 20:49:53 +00:00
optional leading whitespace) are ignored.
Non-ignored lines beginning with whitespace are considered
continuations of the previous line.
This allows you to span one logical line over
2001-08-05 04:11:57 +00:00
many physical lines and insert comments wherever appropriate.
.PP
2003-09-22 20:49:53 +00:00
Each logical line consists of two colon-separated fields.
Leading and trailing white space in each field is ignored.
2001-07-27 00:05:04 +00:00
.TP
.I username
the login name of the authorized user,
2003-09-22 20:49:53 +00:00
or the string
.RB `` *any* ''
to match any user.
This is compared against the name sent by the
.B console
client, based either on the user's identity or on the
.B \-l option.
Since
.B conserver
only uses the first
.I username
match, a
.RB `` *any* ''
entry will apply to any user
2001-07-27 00:05:04 +00:00
without an entry earlier in the file.
.TP
.I password
the encrypted password,
2003-09-22 20:49:53 +00:00
or the string
.RB `` *passwd* ''
to indicate that
.B conserver
should look up the user's password
in the system
.BR passwd " (or " shadow ") database."
If PAM support has been enabled
.RB ( --with-pam ),
PAM lookups will be done instead of
2004-01-18 17:31:24 +00:00
.BR passwd " (or " shadow ") lookups"
(you may need to edit /etc/pam.conf or create /etc/pam.d/conserver).
2001-07-27 00:05:04 +00:00
If this field is empty, password checking is bypassed for this user.
.SH EXAMPLE
2003-09-22 20:49:53 +00:00
.TP 24
.B mary:r71mXjfALB5Ak
Mary uses the password specified above;
2001-07-27 00:05:04 +00:00
it does not matter whether she has a login on the conserver host.
.TP
2003-09-22 20:49:53 +00:00
.B fred:*passwd*
Fred may connect only with his regular login password on the conserver host.
2001-07-27 00:05:04 +00:00
.TP
2003-09-22 20:49:53 +00:00
.B bozo:*
Bozo is only allowed to access a console if his password isn't used (since
it's invalid) which means he needs to come from a
.B trusted
host.
2001-07-27 00:05:04 +00:00
.TP
2003-09-22 20:49:53 +00:00
.B *any*:*passwd*
Anyone not listed above uses their regular login and password.
2001-07-27 00:05:04 +00:00
.SH "SEE ALSO"
.BR console (1),
.BR conserver.cf (5),
.BR conserver (8)
.SH BUGS
.PP
There is currently no way provided by the conserver package
to generate the encrypted password strings
2003-09-22 20:49:53 +00:00
besides copying them from the system
.B passwd
database or running
.BR crypt (3)
via C or perl or some other language that supports it.