Timo Weingärtner has graciously offered to take over the maintenance of pam_pwdfile. Its development will henceforth be hosted at

Old page contents follows

PAM, or pluggable authentication modules, is a very effective method by which applications can abstract the way that they authenticate and authorize users. Using PAM for example, a whole system can be switched from normal /etc/passwd to shadow passwords without recompiling a single binary, as was the case with older *ix systems. Linux being my OS of choice, I have had most contact with Linux-PAM, as maintained by Andrew Morgan. Please see the Linux PAM pages at

We required a Linux PAM module for authenticating using arbitrary password files containing username:crypted_password pairs, and this was not yet available for Linux PAM. As is the way with nicely open operating systems, I was able to put one together quickly, and you can get the source here. Since then, patches for extending functionality have also been contributed and integrated with pam_pwdfile. You can use this module to have different sets of passwords for each of the PAM-based services on your systems.

This module is available as part of Debian, where it is known as libpam-pwdfile. It also exists in the FreeBSD ports collection.

Warwick Duncan has written a very useful utility (command-line and CGI) to manage password files that can be used by pam_pwdfile. You can read all about chpwdfile and download it from the chpwdfile homepage! (Hmmm, it seems that the chpwdfile site has dropped off the edge of the internet. I’ve mirrored the source tarball of chpwdfile here. Remember that you can also use the apache htpasswd utility to manage your password files from the command line.)

23 thoughts on “pam_pwdfile”

  1. Is there a newer version of pam_pwdfile that works with newer versions of the pam source? I tried compiling with Linux-PAM-1.1.0 and it would appear some slight changed have been made in the structure of the source directory that are not compatible with the pam_pwdfile-0.99 source.

  2. Same problem here – Centos 5.2 doesn’t provide an RPM for pam_pwdfile and it won’t build:

    Makefile:8: ../../Make.Rules: No such file or directory
    make: *** No rule to make target `../../Make.Rules’. Stop.

      1. I tried that, but I get the following instead of that Make.Rules error:

        make: *** No rule to make target `pam_pwdfile.c', needed by `pam_pwdfile.o'. Stop.


  3. If anyone is looking for for Centos 5.2, you can successfully build it from PAM 0.77 source and pam_pwdfile-0.99 as outlined at

    P.S. For the x86_64 version I found I had to do an additional fix to get it to build :
    edit and add -fPIC to the OS_CFLAGS so that it reads
    case $OS in
    linux) OS_CFLAGS=”-ansi …. -pedantic -fPIC”

  4. I should note that htpasswd (from the Debian Squeeze package “apache2-utils”, Apache version 2.2) uses its very own “Apache MD5” when told to use MD5 hashing. Among other things, this results in the “$apr1$” prefix rather than “$1”, which pam_pwdfile expects (judging from its source code at trunk). Manifestations of this problem are, for instance, [1] and [2].

    TL;TR: it seems there’s no way to use current htpasswd to generate files with MD5 hashes suitable for pam_pwdfile to consume. chpwdfile worked just fine.


    1. Thanks for the your comment on this issue.

      Patches to the pam_pwdfile README (or even code) are of course more than welcome if you feel so inclined. :)

    1. It’s in maintenance mode. The module does what it should do, no more no less.

      I am open to patches, forks and ambitious new maintainers of course. :)

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.