Registered by Jamie Strandboge

auth-client-config is a script for modifying nsswitch.conf and pam configuration files to aid in authentication configuration. It can be used by distribution packages or system administers to quickly and easily deploy configurations for nsswitch.conf and pam.

Excerpted from the man page (for version 0.4):

       This program updates nsswitch.conf and pam configuration files to aid in
       authentication configuration. If the existing nsswitch.conf and pam system
       configuration does not exist in the profiles database, auth-client-config will
       comment out the current configuration in such a way that the changes
       can be undone by auth-client-config with the -r option.

       auth-client-config -p PROFILE -a -t TYPE [-dn -f FILE]

       auth-client-config -p PROFILE -a -t TYPE -r [-n -f FILE]

       auth-client-config -p PROFILE -a -t TYPE -s [-f FILE]

              show program’s version number and exit

       -h, --help
              show this help message and exit

       -a, --all-types
              apply all types for specified profile

       -d, --database-only
              update file(s) only if current entries are in database

       -f FILE, --file=FILE
              update FILE instead of default

       -l, --list-profiles
              list available profiles

       -L, --list-types
              list available types

       -n, --dry-run
              don’t modify anything, just show the changes

       -p PROFILE, --profile=PROFILE (required)
              use PROFILE

       -r, --reset
              reset file(s) to previous non-auth-client-config values. Will not
              remove the current entries unless they match PROFILE

       -s, --check-system
              determine if system files are set to PROFILE

       -S, --show-system
              show current system settings as a profile

       -t TYPE, --type=TYPE
              modify files for TYPE

       Each time auth-client-config is run, it will check the profiles database
       (by default, #CONFIG_PREFIX#/auth-client-config/profile.d) for
       authentication profiles. Files may be added to the profiles database
       directory to support custom authentication configurations. This is use‐
       ful for a distribution maintainer to have his/her authentication package
       put an authentication profile into the profiles database, and then have
       his/her package use auth-client-config to update the system configura‐
       tion. It also allows for an administrator to set up a single profile for
       site-wide network authentication roll-outs.

       The files in the profiles database use the .INI configuration file stan‐
       dard, and the syntax is:

         nss_passwd=nsswitch.conf entry for ’passwd’
         nss_group=nsswitch.conf entry for ’group
         nss_shadow=nsswitch.conf entry for ’shadow’
         pam_auth=pam entry/entries for ’auth’
         pam_account=pam entry/entries for ’account’
         pam_password=pam entry/entries for ’password’
         pam_session=pam entry/entries for ’session’

       If you need to specify multiple entries for a specific type (which is
       often the case with PAM), then simply list additional entries on a new‐
       line preceded by a tab. For example, an entry for local configuration
       might be:

         nss_passwd=passwd: files
         nss_group=group: files
         nss_shadow=shadow: files
         pam_auth=auth required nullok_secure debug
         pam_account=account required debug
         pam_password=password required nullok obscure \
           min=4 max=8 md5 debug
         pam_session=session required debug
                session optional

       Notice how in the above, pam_session has two entries (pam_password in
       this example should be all on one line, hence the ’\’).

       To use the above entry with auth-client-config, create a file with the
       above entries in it and put the file into the profiles database directory
       (typically named after the profile or package that added it). Now call
       auth-client-config with:

         auth-client-config -a -p example_local

       Set nsswitch.conf and pam to use the ’example_local’ profile:
         auth-client-config -a -p example_local

       Set only nsswitch.conf to use the ’example_local’ profile, but only if
       current nsswitch.conf entries exist in the profiles database:
         auth-client-config -t nss -p example_local -d

       Restore nsswitch.conf and pam to previous non-auth-client-config files:
         auth-client-config -a -p example_local -r

Project information

Jamie Strandboge
Jamie Strandboge

RDF metadata

View full history Series and milestones

trunk series is the current focus of development.

All code Code

Version control system:
Programming languages:

All packages Packages in Distributions

All bugs Latest bugs reported


auth-client-config does not have any download files registered with Launchpad.