Setting up a pam_userdb.so based authentication

The pam_userdb.so authentication module uses a Berkeley format DB to hold passwords associated with user names.

To create this DB, you need to install the libdb3-util package, which includes the necessary tools.

Please bear in mind that the passwords in this file are not encrypted. Anybody with read access to the DB will be able to dump the passwords.

Here is how you can setup the pam_userdb.so based authentication:

  • Create a text file with the username and password pairs:

This file will list all username and password pairs, each username being on a first line, with the associated password on the following line.

For example:

user_1
password_of_user_1
user_2
password_of_user_2
...
  • Convert this text file to a Berkeley DB:

    db3_load -T -f users_and_passwords_text_file.txt -t hash userpass.db
    

This will create a Berkeley DB called “userpass.db” which we can use for PAM authentication.

  • Make sure that only root can read and change this file:

    chown root.root userpass.db
    chmod 0600 userpass.db
    
  • Add the call to the PAM module in the appropriate file in /etc/pam.d/:

    auth   required    pam_userdb.so    db=/full/path/to/userpass
    

Please note that the “.db” extension is omitted in the parameter given to the PAM module.


License : CC-BY