Documentation for a newer release is available. View Latest


pam_userdb is a PAM module to authenticate against a db database. It is used to verify a username/password pair against values stored in a key/data pairs style database (i.e. Berkeley DB, GDBM). The database is indexed by the username, and the data fields corresponding to the username keys are the passwords. This module is most notably used in vsftpd environments.

Recently, pam_userdb switched its database provider from Berkeley DB to GDBM. If your system uses this module to authenticate users you need to convert the database to the new format.

Determining whether you are using pam_userdb

The way to determine if you are using pam_userdb, is to check the PAM stack:

$ grep -r pam_userdb /etc/pam.d/
/etc/pam.d/vsftpd:auth         sufficient db=/etc/vsftpd/login

If you are not using pam_userdb, then the search will return no values and you don’t have to do anything.

Converting the database

libdb package contains a binary that will handle the conversion for you. You only need to run it by providing the source and destination database files:. Example:

$ db_converter --src /etc/vsftpd/login.db --dest /etc/vsftpd/login.gdbm

Additional Resources