Provided by: auth-client-config_0.9ubuntu1_all 

NAME
auth-client-config - pam and NSS profile switcher
DESCRIPTION
This program updates nsswitch.conf and pam configuration files to aid in authentication configuration.
If the existing nsswitch.conf and pam system configuration does not exist in the profiles database,
auth-client-config will comment out the current configuration in such a way that the changes can be
undone by auth-client-config with the -r option.
USAGE
auth-client-config -p PROFILE -a -t TYPE [-dn -f FILE]
auth-client-config -p PROFILE -a -t TYPE -r [-n -f FILE]
auth-client-config -p PROFILE -a -t TYPE -s [-f FILE]
OPTIONS
--version
show program's version number and exit
-h, --help
show this help message and exit
-a, --all-types
apply all types for specified profile
-d, --database-only
update file(s) only if current entries are in database
-f FILE, --file=FILE
update FILE instead of default
-l, --list-profiles
list available profiles
-L, --list-types
list available types
-n, --dry-run
don't modify anything, just show the changes
-p PROFILE, --profile=PROFILE (required)
use PROFILE
-r, --reset
reset file(s) to previous non-auth-client-config values. Will not remove the current entries
unless they match PROFILE
-s, --check-system
determine if system files are set to PROFILE
-S, --show-system
show current system settings as a profile
-t TYPE, --type=TYPE
modify files for TYPE. Multiple types can be specified with a comma-separated list.
PROFILES DATABASE
Each time auth-client-config is run, it will check the profiles database (by default,
/etc/auth-client-config/profile.d) for authentication profiles. Files may be added to the profiles database directory to
support custom authentication configurations. This is useful for a distribution maintainer to have
his/her authentication package put an authentication profile into the profiles database, and then have
his/her package use auth-client-config to update the system configuration. It also allows for an
administrator to set up a single profile for site-wide network authentication roll-outs.
The files in the profiles database use the .INI configuration file standard, and the syntax is:
[example]
nss_passwd=nsswitch.conf entry for 'passwd'
nss_group=nsswitch.conf entry for 'group'
nss_shadow=nsswitch.conf entry for 'shadow'
nss_netgroup=nsswitch.conf entry for 'netgroup'
pam_auth=pam entry/entries for 'auth'
pam_account=pam entry/entries for 'account'
pam_password=pam entry/entries for 'password'
pam_session=pam entry/entries for 'session'
If you need to specify multiple entries for a specific type (which is often the case with PAM), then
simply list additional entries on a newline preceded by a tab. For example, an entry for local
configuration might be:
[example_local]
nss_passwd=passwd: files
nss_group=group: files
nss_shadow=shadow: files
nss_netgroup=netgroup: nis
pam_auth=auth required pam_unix.so nullok_secure debug
pam_account=account required pam_unix.so debug
pam_password=password required pam_unix.so nullok obscure \
	min=4 max=8 md5 debug
pam_session=session required pam_unix.so debug
	session optional pam_foreground.so
Notice how in the above, pam_session has two entries (pam_password in this example should be all on one
line, hence the '\').
To use the above entry with auth-client-config, create a file with the above entries in it and put the
file into the profiles database directory (typically named after the profile or package that added it).
Now call auth-client-config with:
auth-client-config -a -p example_local
EXAMPLES
Set nsswitch.conf and pam to use the 'example_local' profile:
auth-client-config -a -p example_local
Set only nsswitch.conf to use the 'example_local' profile, but only if current nsswitch.conf entries
exist in the profiles database:
auth-client-config -t nss -p example_local -d
Restore nsswitch.conf and pam to previous non-auth-client-config files:
auth-client-config -a -p example_local -r
KNOWN ISSUES
If two or more profiles have the same name, only the last one will be used. Additionally, if a profile
in the profiles database has more than one entry for a particular field (e.g., two 'nss_passwd' entries),
then the last one read will be used.
auth-client-config strips out all carriage returns when run on Unix.
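Because a later definition silently wins, it is worth checking a profiles database for overrides before applying a profile. The following is an added example, not part of auth-client-config: a small Python linter for the syntax described under PROFILES DATABASE that reports the duplicate cases listed above. The function name, file names and sample contents are hypothetical, and it assumes the caller passes files in the order they are read and that a repeated profile replaces the earlier one entirely.

```python
import re

# Field names from the syntax block on this page.
FIELDS = {"nss_passwd", "nss_group", "nss_shadow", "nss_netgroup",
          "pam_auth", "pam_account", "pam_password", "pam_session"}

def lint_profiles(files):
    """files: list of (name, text) in read order. Returns (profiles, warnings).
    Assumption: the last profile or field read wins, per KNOWN ISSUES."""
    profiles, origin, warnings = {}, {}, []
    for fname, text in files:
        section = field = None
        # Carriage returns are dropped, as the tool does on Unix.
        for n, raw in enumerate(text.replace("\r", "").split("\n"), 1):
            if not raw.strip() or raw.lstrip()[0] in "#;":
                continue
            header = re.match(r"\[(.+)\]\s*$", raw)
            if header:
                section, field = header.group(1), None
                if section in profiles:
                    warnings.append(f"{fname}:{n}: [{section}] replaces the one from {origin[section]}")
                profiles[section], origin[section] = {}, fname
            elif raw[0] in " \t" and field:
                # Additional entry for the current field (tab-preceded line).
                profiles[section][field].append(raw.strip())
            elif "=" in raw and section:
                field, value = (s.strip() for s in raw.split("=", 1))
                if field not in FIELDS:
                    warnings.append(f"{fname}:{n}: unknown field {field}")
                if field in profiles[section]:
                    warnings.append(f"{fname}:{n}: duplicate {field} in [{section}]")
                profiles[section][field] = [value]
            else:
                warnings.append(f"{fname}:{n}: line outside any profile or field")
    return profiles, warnings

# Constructed sample files (hypothetical names and contents).
FILE_A = ("[example_local]\nnss_passwd=passwd: files\n"
          "pam_session=session required pam_unix.so debug\n"
          "\tsession optional pam_foreground.so\n")
FILE_B = ("[site_net]\nnss_passwd=passwd: files nis\nnss_passwd=passwd: nis\n"
          "[example_local]\nnss_passwd=passwd: nis\n")

if __name__ == "__main__":
    for w in lint_profiles([("10-local", FILE_A), ("20-site", FILE_B)])[1]:
        print(w)
```

With the two sample files, the second file's [example_local] replaces the first, so the pam_session entries from the first file are no longer part of the effective profile.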
SEE ALSO
nsswitch.conf(5), pam(7)
AUTHOR
auth-client-config is copyright 2007-2008 by Jamie Strandboge
This manual page was originally written by Jamie Strandboge <jamie@strandboge.com>
July 2007 AUTH-CLIENT-CONFIG:(8)