2002-09-23 14:31:15 -07:00
|
|
|
.\" $Id: conserver.passwd.man,v 1.6 2002-09-23 14:15:53-07 bryan Exp $
|
2001-07-26 17:05:04 -07:00
|
|
|
.TH CONSERVER.PASSWD 5 "Local"
|
|
|
|
|
.SH NAME
|
|
|
|
|
conserver.passwd \- user access information for conserver(8)
|
|
|
|
|
.SH SYNOPSIS
|
|
|
|
|
.br
|
|
|
|
|
\fIusername\fB:\fIpassword\fB:\fIconsoles\fR
|
|
|
|
|
.SH DESCRIPTION
|
|
|
|
|
The \fBconserver.passwd\fP file
|
|
|
|
|
is the user authentication and authorization file for
|
|
|
|
|
.BR conserver (8).
|
|
|
|
|
Upon each incoming client connection,
|
|
|
|
|
\fBconserver\fP opens and reads the \fBconserver.passwd\fP file,
|
|
|
|
|
so edits to the file take effect immediately.
|
|
|
|
|
It reads only until the first \fIusername\fP match.
|
|
|
|
|
.PP
|
2001-08-04 21:11:57 -07:00
|
|
|
Blank lines and comment lines (those beginning with a ``#'' and
|
|
|
|
|
optional leading whitespace) are ignored. Non-ignored lines
|
|
|
|
|
beginning with whitespace are considered continuations of the
|
|
|
|
|
previous line. This allows you to span one logical line over
|
|
|
|
|
many physical lines and insert comments wherever appropriate.
|
|
|
|
|
.PP
|
|
|
|
|
Each logical line consists of three colon-separated fields.
|
|
|
|
|
Leading and trailing white space in each
|
|
|
|
|
field is ignored.
|
2001-07-26 17:05:04 -07:00
|
|
|
.TP
|
|
|
|
|
.I username
|
|
|
|
|
the login name of the authorized user,
|
|
|
|
|
or the string ``\fB*any*\fP'' to match any user.
|
|
|
|
|
This is compared against the name sent by the \fBconsole\fP client,
|
|
|
|
|
based either on the user's identity or on the \fB\-l\fP option.
|
|
|
|
|
Since \fBconserver\fP only uses the first \fIusername\fP match,
|
|
|
|
|
an ``\fB*any*\fP'' entry will apply to any user
|
|
|
|
|
without an entry earlier in the file.
|
|
|
|
|
.TP
|
|
|
|
|
.I password
|
|
|
|
|
the encrypted password,
|
|
|
|
|
or the string ``\fB*passwd*\fP''
|
|
|
|
|
to indicate that \fBconserver\fP should look up the user's password
|
2002-09-23 14:31:15 -07:00
|
|
|
in the system \fBpasswd\fP (or \fBshadow\fP) database. If PAM
|
|
|
|
|
support has been enabled (\fB--with-pam\fP), PAM lookups will be done instead
|
|
|
|
|
of \fBpasswd\fP (or \fBshadow\fP) lookups.
|
2001-07-26 17:05:04 -07:00
|
|
|
If this field is empty, password checking is bypassed for this user.
|
|
|
|
|
.TP
|
|
|
|
|
.I consoles
|
|
|
|
|
a comma- and/or space-separated list of consoles
|
|
|
|
|
to which the user is permitted to connect,
|
|
|
|
|
or the string ``\fBany\fP'' to allow access to any console.
|
|
|
|
|
These names must match the console names in the \fBconserver.cf\fP file.
|
2002-03-25 18:03:03 -08:00
|
|
|
If regular expression support was compiled in using --with-regex, the
|
|
|
|
|
names here are treated as regular expressions.
|
2001-07-26 17:05:04 -07:00
|
|
|
.SH EXAMPLE
|
|
|
|
|
.TP 30
|
|
|
|
|
\fBmary:r71mXjfALB5Ak:any\fP
|
|
|
|
|
Mary may connect to any console if her password matches;
|
|
|
|
|
it does not matter whether she has a login on the conserver host.
|
|
|
|
|
.TP
|
|
|
|
|
\fBfred:*passwd*:foo.example.com,bar.example.com\fP
|
|
|
|
|
Fred may connect only to the listed consoles,
|
|
|
|
|
and only with his regular login password on the conserver host.
|
|
|
|
|
.TP
|
|
|
|
|
\fBbozo:*:\fP
|
|
|
|
|
Bozo is not allowed access to any consoles.
|
|
|
|
|
.TP
|
|
|
|
|
\fB*any*:*passwd*:any\fP
|
|
|
|
|
Anyone not listed above may access any console
|
|
|
|
|
if they have a regular login and know the password.
|
|
|
|
|
.SH "SEE ALSO"
|
|
|
|
|
.BR console (1),
|
|
|
|
|
.BR conserver.cf (5),
|
|
|
|
|
.BR conserver (8)
|
|
|
|
|
.SH BUGS
|
|
|
|
|
.PP
|
|
|
|
|
There is currently no way provided by the conserver package
|
|
|
|
|
to generate the encrypted password strings
|
|
|
|
|
besides copying them from the system \fBpasswd\fP database.
|
