Passwd
======

User is looked up using 'getpwnam()' call, which usually looks into
'/etc/passwd' file, but depending on NSS
[http://en.wikipedia.org/wiki/Name_Service_Switch] configuration it may also
look up the user from eg. LDAP database.

Most commonly used as a user database.

The lookup is by default done in the auth worker processes. If you have only a
small local passwd file, you can avoid having extra auth worker processes by
disabling it:

---%<-------------------------------------------------------------------------
userdb {
  driver = passwd
  args = blocking=no
}
---%<-------------------------------------------------------------------------

Field overriding and extra fields (obsolete in v2.1+)
-----------------------------------------------------

It's possible to override fields from passwd and add <extra fields>
[UserDatabase.ExtraFields.txt] with templates, but in v2.1+ it's done in a
better way by using override_fields. For example:

---%<-------------------------------------------------------------------------
userdb {
  driver = passwd
  # Pre-v2.1:
  #args = home=/var/mail/%u mail=maildir:/var/mail/%u/Maildir
  # v2.1+:
  override_fields = home=/var/mail/%u mail=maildir:/var/mail/%u/Maildir
}
---%<-------------------------------------------------------------------------

This uses the UID and GID fields from passwd, but home directory is overridden.
Also the default <mail_location> [MailLocation.txt] setting is overridden.

Passwd as a password database
-----------------------------

Many systems use shadow passwords nowadays so passwd doesn't usually work as a
password database. BSDs are an exception to this, they still set the password
field even with shadow passwords.

With FreeBSD, passwd doesn't work as a password database because the password
field is replaced by a '*'. But you can use <Passwd-file>
[AuthDatabase.PasswdFile.txt].

(This file was created from the wiki on 2019-06-19 12:42)