Provided by: libpam-runtime_1.1.8-1ubuntu2_all
pam-auth-update - manage PAM configuration using packaged profiles
pam-auth-update [--package [--remove profile [profile...]]] [--force]
pam-auth-update is a utility that permits configuring the central authentication policy for the system using pre-defined profiles as supplied by PAM module packages. Profiles shipped in the /usr/share/pam-configs/ directory specify the modules, with options, to enable; the preferred ordering with respect to other profiles; and whether a profile should be enabled by default. Packages providing PAM modules register their profiles at install time by calling pam-auth-update --package. Selection of profiles is done using the standard debconf interface. The profile selection question will be asked at `medium' priority when packages are added or removed, so no user interaction is required by default. Users may invoke pam-auth-update directly to change their authentication configuration. The script makes every effort to respect local changes to /etc/pam.d/common-*. Local modifications to the list of module options will be preserved, and additions of modules within the managed portion of the stack will cause pam-auth-update to treat the config files as locally modified and not make further changes to the config files unless given the --force option. If the user specifies that pam-auth-update should override local configuration changes, the locally-modified files will be saved in /etc/pam.d/ with a suffix of .pam-old.
--package Indicate that the caller is a package maintainer script; lowers the priority of debconf questions to `medium' so that the user is not prompted by default. --remove profile [profile...] Remove the specified profiles from the system configuration. pam-auth-update --remove should be used to remove profiles from the configuration before the modules they reference are removed from disk, to ensure that PAM is in a consistent and usable state at all times during package upgrades or removals. --force Overwrite the current PAM configuration, without prompting. This option must not be used by package maintainer scripts; it is intended for use by administrators only.
/etc/pam.d/common-* Global configuration of PAM, affecting all installed services. /usr/share/pam-configs/ Package-supplied authentication profiles.
Steve Langasek <email@example.com>
Copyright (C) 2008 Canonical Ltd.