Passwd
This document explains how to use the passwd module to read files in
the /etc/passwd format. The passwd module just reads and caches
these files. It does not do authentication.
When configuring the passwd module, see the
mods-available/passwd
configuration file, which describes the configuration parameters
accepted and what they do.
Implementation
This module can be used to authenticate users against a Linux shadow
password file or a BSD-style master.passwd file, but it requires
RADIUS to run as root. To do this, you should use the Password.Crypt
attribute.
On FreeBSD, it’s generally better to avoid using this module for
system authentication, since the system already manages passwd file
caching. However, it can be useful to read alternate files.
For example, administrators can use this module to check users against a secondary password file. They can also use the system’s built-in caching for the primary passwd file.
Other Supported File Types
smbpasswd
The module can also authenticate users against a SAMBA smbpasswd
file. For this, use the Password.LM or Password.NT attribute and set
Auth-Type = mschap
custom
If you have a custom password file, you can use the passwd module,
as long as the file stores passwords in a supported format. See the
pap module for more information on supported password types.
Difference between passwd and unix
The main difference between the passwd and unix modules is that
the passwd module can parse any passwd-like file, including
FreeBSD’s master.passwd or SAMBA smbpasswd. However, the passwd
module cannot perform system authentication such as NIS user
authentication.
Use the unix module for system authentication. For file-based
authentication on BSD, use passwd. On Linux, either module can be
used, with similar performance.
Edit mods-available/passwd
The mods-available/passwd module contains no configuration items, and does not need to be modified.