pam_useradd.8.xml

<?xml version="1.0" encoding='UTF-8'?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
	"http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">

<refentry id="pam_useradd">

  <refmeta>
    <refentrytitle>pam_useradd</refentrytitle>
    <manvolnum>8</manvolnum>
    <refmiscinfo class="sectdesc">Linux-PAM Manual</refmiscinfo>
  </refmeta>

  <refnamediv id="pam_useradd-name">
    <refname>pam_useradd</refname>
    <refpurpose>PAM module for dynamic user creation module</refpurpose>
  </refnamediv>

  <refsynopsisdiv>
    <cmdsynopsis id="pam_useradd-cmdsynopsis">
      <command>pam_useradd.so</command>
      <arg choice="opt">
	debug
      </arg>
      <arg choice="opt">
        ignore
      </arg>
      <arg choice="opt" rep='repeat'>
        users=<replaceable>XXX,YYY,</replaceable>
      </arg>
    </cmdsynopsis>
  </refsynopsisdiv>

  <refsect1 id="pam_useradd-description">

    <title>DESCRIPTION</title>

    <para>
      pam_useradd is a PAM module which provides pluggable
      dynamic user creation.
    </para>
    <para>
      This module intercepts the user's name and password. If the name is
      <emphasis>useradd</emphasis> or <emphasis>anonymous</emphasis>, the
      user's password is broken up at the <emphasis>@</emphasis> delimiter
      into a <emphasis>PAM_RUSER</emphasis> and a
      <emphasis>PAM_RHOST</emphasis> part; these pam-items being set
      accordingly. The username (<emphasis>PAM_USER</emphasis>) is set
      to <emphasis>useradd</emphasis>.  In this case the module succeeds.
      Alternatively, the module sets the <emphasis>PAM_AUTHTOK</emphasis>
      item with the entered password and fails.
    </para>
    <para>
      This module is not safe and easily spoofable.
    </para>
  </refsect1>

  <refsect1 id="pam_useradd-options">

    <title>OPTIONS</title>
    <para>
      <variablelist>

        <varlistentry>
          <term>
            <option>debug</option>
          </term>
          <listitem>
            <para>
	      Print debug information.
            </para>
          </listitem>
        </varlistentry>

        <varlistentry>
          <term>
            <option>ignore</option>
          </term>
          <listitem>
            <para>
              Pay no attention to the email address of the user
              (if supplied).
            </para>
          </listitem>
        </varlistentry>

        <varlistentry>
          <term>
            <option>useradd=<replaceable>XXX,YYY,...</replaceable></option>
          </term>
          <listitem>
            <para>
              Instead of <emphasis>useradd</emphasis> or
              <emphasis>anonymous</emphasis>, provide anonymous login
              to the comma separated list of users:
              <option><replaceable>XXX,YYY,...</replaceable></option>.
              Should the applicant enter
              one of these usernames the returned username is set to
              the first in the list: <emphasis>XXX</emphasis>.
            </para>
          </listitem>
	</varlistentry>

      </variablelist>

    </para>
  </refsect1>

  <refsect1 id="pam_useradd-types">
    <title>MODULE TYPES PROVIDED</title>
    <para>
      Only the <option>auth</option> module type is provided.
    </para>
  </refsect1>

  <refsect1 id='pam_useradd-return_values'>
    <title>RETURN VALUES</title>
    <para>
      <variablelist>

        <varlistentry>
          <term>PAM_SUCCESS</term>
          <listitem>
            <para>
              The authentication was successful.
            </para>
          </listitem>
        </varlistentry>

        <varlistentry>
          <term>PAM_USER_UNKNOWN</term>
          <listitem>
            <para>
	      User not known.
            </para>
          </listitem>
        </varlistentry>

      </variablelist>
    </para>
  </refsect1>

  <refsect1 id='pam_useradd-examples'>
    <title>EXAMPLES</title>
    <para>
      Add the following line to <filename>/etc/pam.d/useradd</filename> to
      handle dynamic user creation on login:
      <programlisting>
auth    sufficient  pam_useradd.so
auth    required    pam_unix.so use_first_pass
auth    required    pam_listfile.so \
           onerr=succeed item=user sense=deny
      </programlisting>
    </para>
  </refsect1>

  <refsect1 id='pam_useradd-see_also'>
    <title>SEE ALSO</title>
    <para>
      <citerefentry>
	<refentrytitle>pam.conf</refentrytitle><manvolnum>5</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
      </citerefentry>
    </para>
  </refsect1>

  <refsect1 id='pam_useradd-author'>
    <title>AUTHOR</title>
      <para>
        pam_useradd was written by Lucas Ramage &lt;lramage@cyberninjas.com&gt;.
      </para>
  </refsect1>

</refentry>