PAM-AUTH-UPDATE(8) System Manager's Manual PAM-AUTH-UPDATE(8)
NAME
pam-auth-update - manage PAM configuration using packaged profiles
SYNOPSIS
pam-auth-update [--package [--remove profile [profile...]]] [--force]
[--enable profile [profile...]] [--disable profile [profile...]]
DESCRIPTION
pam-auth-update is a utility that permits configuring the central au-
thentication policy for the system using pre-defined profiles as sup-
plied by PAM module packages. Profiles shipped in the
/usr/share/pam-configs/ directory specify the modules, with options, to
enable; the preferred ordering with respect to other profiles; and
whether a profile should be enabled by default. Packages providing PAM
modules register their profiles at install time by calling pam-auth-up-
date --package. Selection of profiles is done using the standard deb-
conf interface. The profile selection question will be asked at
`medium' priority when packages are added or removed, so no user inter-
action is required by default. Users may invoke pam-auth-update di-
rectly to change their authentication configuration.
The script makes every effort to respect local changes to
/etc/pam.d/common-*. Local modifications to the list of module options
will be preserved, and additions of modules within the managed portion
of the stack will cause pam-auth-update to treat the config files as
locally modified and not make further changes to the config files un-
less given the --force option.
If the user specifies that pam-auth-update should override local con-
figuration changes, the locally-modified files will be saved in
/etc/pam.d/ with a suffix of .pam-old.
OPTIONS
--package
Indicate that the caller is a package maintainer script; lowers
the priority of debconf questions to `medium' so that the user
is not prompted by default.
--disable profile [profile...]
Disable the specified profiles in system configuration. This
can be used from system administration scripts to disable pro-
files.
--enable profile [profile...]
Enable the specified profiles in system configuration. This is
used to enable profiles that are not on by default.
--remove profile [profile...]
Remove the specified profiles from the system configuration.
pam-auth-update --remove should be used to remove profiles from
the configuration before the modules they reference are removed
from disk, to ensure that PAM is in a consistent and usable
state at all times during package upgrades or removals.
--force
Overwrite the current PAM configuration, without prompting.
This option must not be used by package maintainer scripts; it
is intended for use by administrators only.
FILES
/etc/pam.d/common-*
Global configuration of PAM, affecting all installed services.
/usr/share/pam-configs/
Package-supplied authentication profiles.
AUTHOR
Steve Langasek <steve.langasek@canonical.com>
COPYRIGHT
Copyright (C) 2008 Canonical Ltd.
SEE ALSO
PAM(7), pam.d(5), debconf(7)
Debian 08/23/2008 PAM-AUTH-UPDATE(8)
Generated by dwww version 1.15 on Fri Jun 21 07:34:31 CEST 2024.