2004-01-18 17:31:24 +00:00
|
|
|
.\" $Id: conserver.passwd.man,v 1.10 2004/01/08 16:12:33 bryan Exp $
|
|
|
|
.TH CONSERVER.PASSWD 5 "2004/01/08" "conserver-8.1.0" "conserver"
|
2001-07-27 00:05:04 +00:00
|
|
|
.SH NAME
|
2003-09-22 20:49:53 +00:00
|
|
|
conserver.passwd \- user access information for
|
|
|
|
.BR conserver (8)
|
2001-07-27 00:05:04 +00:00
|
|
|
.SH SYNOPSIS
|
2003-09-22 20:49:53 +00:00
|
|
|
.IB username : password
|
2001-07-27 00:05:04 +00:00
|
|
|
.SH DESCRIPTION
|
2003-09-22 20:49:53 +00:00
|
|
|
The
|
|
|
|
.B conserver.passwd
|
|
|
|
file is the user authentication and authorization file for
|
2001-07-27 00:05:04 +00:00
|
|
|
.BR conserver (8).
|
|
|
|
Upon each incoming client connection,
|
2003-09-22 20:49:53 +00:00
|
|
|
.B conserver
|
|
|
|
opens and reads the
|
|
|
|
.B conserver.passwd
|
|
|
|
file, so edits to the file take effect immediately.
|
|
|
|
It reads only until the first
|
|
|
|
.I username
|
|
|
|
match.
|
2001-07-27 00:05:04 +00:00
|
|
|
.PP
|
2001-08-05 04:11:57 +00:00
|
|
|
Blank lines and comment lines (those beginning with a ``#'' and
|
2003-09-22 20:49:53 +00:00
|
|
|
optional leading whitespace) are ignored.
|
|
|
|
Non-ignored lines beginning with whitespace are considered
|
|
|
|
continuations of the previous line.
|
|
|
|
This allows you to span one logical line over
|
2001-08-05 04:11:57 +00:00
|
|
|
many physical lines and insert comments wherever appropriate.
|
|
|
|
.PP
|
2003-09-22 20:49:53 +00:00
|
|
|
Each logical line consists of two colon-separated fields.
|
|
|
|
Leading and trailing white space in each field is ignored.
|
2001-07-27 00:05:04 +00:00
|
|
|
.TP
|
|
|
|
.I username
|
|
|
|
the login name of the authorized user,
|
2003-09-22 20:49:53 +00:00
|
|
|
or the string
|
|
|
|
.RB `` *any* ''
|
|
|
|
to match any user.
|
|
|
|
This is compared against the name sent by the
|
|
|
|
.B console
|
|
|
|
client, based either on the user's identity or on the
|
|
|
|
.B \-l option.
|
|
|
|
Since
|
|
|
|
.B conserver
|
|
|
|
only uses the first
|
|
|
|
.I username
|
|
|
|
match, a
|
|
|
|
.RB `` *any* ''
|
|
|
|
entry will apply to any user
|
2001-07-27 00:05:04 +00:00
|
|
|
without an entry earlier in the file.
|
|
|
|
.TP
|
|
|
|
.I password
|
|
|
|
the encrypted password,
|
2003-09-22 20:49:53 +00:00
|
|
|
or the string
|
|
|
|
.RB `` *passwd* ''
|
|
|
|
to indicate that
|
|
|
|
.B conserver
|
|
|
|
should look up the user's password
|
|
|
|
in the system
|
|
|
|
.BR passwd " (or " shadow ") database."
|
|
|
|
If PAM support has been enabled
|
|
|
|
.RB ( --with-pam ),
|
|
|
|
PAM lookups will be done instead of
|
2004-01-18 17:31:24 +00:00
|
|
|
.BR passwd " (or " shadow ") lookups"
|
|
|
|
(you may need to edit /etc/pam.conf or create /etc/pam.d/conserver).
|
2001-07-27 00:05:04 +00:00
|
|
|
If this field is empty, password checking is bypassed for this user.
|
|
|
|
.SH EXAMPLE
|
2003-09-22 20:49:53 +00:00
|
|
|
.TP 24
|
|
|
|
.B mary:r71mXjfALB5Ak
|
|
|
|
Mary uses the password specified above;
|
2001-07-27 00:05:04 +00:00
|
|
|
it does not matter whether she has a login on the conserver host.
|
|
|
|
.TP
|
2003-09-22 20:49:53 +00:00
|
|
|
.B fred:*passwd*
|
|
|
|
Fred may connect only with his regular login password on the conserver host.
|
2001-07-27 00:05:04 +00:00
|
|
|
.TP
|
2003-09-22 20:49:53 +00:00
|
|
|
.B bozo:*
|
|
|
|
Bozo is only allowed to access a console if his password isn't used (since
|
|
|
|
it's invalid) which means he needs to come from a
|
|
|
|
.B trusted
|
|
|
|
host.
|
2001-07-27 00:05:04 +00:00
|
|
|
.TP
|
2003-09-22 20:49:53 +00:00
|
|
|
.B *any*:*passwd*
|
|
|
|
Anyone not listed above uses their regular login and password.
|
2001-07-27 00:05:04 +00:00
|
|
|
.SH "SEE ALSO"
|
|
|
|
.BR console (1),
|
|
|
|
.BR conserver.cf (5),
|
|
|
|
.BR conserver (8)
|
|
|
|
.SH BUGS
|
|
|
|
.PP
|
|
|
|
There is currently no way provided by the conserver package
|
|
|
|
to generate the encrypted password strings
|
2003-09-22 20:49:53 +00:00
|
|
|
besides copying them from the system
|
|
|
|
.B passwd
|
|
|
|
database or running
|
|
|
|
.BR crypt (3)
|
|
|
|
via C or perl or some other language that supports it.
|