NAME

pam_opendirectory — OpenDirectory PAM module

SYNOPSIS

[service-name] function-class control-flag pam_opendirectory [options]

DESCRIPTION

The OpenDirectory PAM module supports the authentication, account management and password management function classes. In terms of the function-class parameter, these are “auth”, “account” and “password” respectively.

The OpenDirectory Authentication Module

The OpenDirectory authentication module permits or denies users based on OpenDirectory password authentication.

The following option may be passed to this authentication module:

nullok: Allow null passwords.

The OpenDirectory Account Management Module

The OpenDirectory account management module permits or denies users based whether the account is enabled in OpenDirectory.

The following option may be passed to this account management module:

no_check_shell: Skip validating the user's shell.
no_check_home: Skip validating the user's home directory.
refresh=min: Sets the mbr_check_membership(3) cache timeout to min minutes. When this option is used, the min value must be specified, and it must be an integer.

The OpenDirectory Password Management Module

The OpenDirectory password management module supports password changing and enforces the OpenDirectory password policy.