Updated documentation

diff --git a/raddb/modules/passwd b/raddb/modules/passwd
index 7e44256..b7ac2a9 100644 (file)
--- a/raddb/modules/passwd
+++ b/raddb/modules/passwd
@@ -3,29 +3,56 @@
 #  $Id$
 
 # passwd module allows to do authorization via any passwd-like
-# file and to extract any attributes from these modules
+# file and to extract any attributes from these files.
+#
+#  See the "smbpasswd" and "etc_group" files for more examples.
 #
 # parameters are:
 #   filename - path to filename
+#
 #   format - format for filename record. This parameters
 #            correlates record in the passwd file and RADIUS
 #            attributes.
 #
-#            Field marked as '*' is key field. That is, the parameter
+#            Field marked as '*' is a key field. That is, the parameter
 #            with this name from the request is used to search for
 #            the record from passwd file
-#            Attribute marked as '=' is added to reply_itmes instead
+#
+#            Attributes marked as '=' are added to reply_items instead
 #            of default configure_itmes
-#           Attribute marked as '~' is added to request_items
+#
+#           Attributse marked as '~' are added to request_items
 #
 #            Field marked as ',' may contain a comma separated list
 #            of attributes.
+#
 #   hashsize - hashtable size. If 0 or not specified records are not
-#            stored in memory and file is red on every request.
-#   allowmultiplekeys - if few records for every key are allowed
+#            stored in memory and file is read on every request.
+#           This configuration is *not* recommended, as it can be
+#           very slow.  The "passwd" module reloads its configuration
+#           on HUP, so setting "hashsize = 0" is unnecessary.
+#
+#   allowmultiplekeys - if many records for a key are allowed
+#
 #   ignorenislike - ignore NIS-related records
+#
 #   delimiter - symbol to use as a field separator in passwd file,
 #            for format ':' symbol is always used. '\0', '\n' are
 #           not allowed 
 #
 
+#  An example configuration for using /etc/passwd.
+#
+#  We do NOT recommend using the configuration below.  See the "unix"
+#  module, or the "pam" module for a cleaner way to get system passwords.
+#  Using this configuration means that the server will find *only* those
+#  passwords which are in /etc/passwd, and will *ignore* all of the
+#  passwords in NIS, LDAP, etc.
+#
+passwd etc_passwd {
+       filename = /etc/passwd
+       format = "*User-Name:Crypt-Password:"
+       hashsize = 100
+       ignorenislike = no
+       allowmultiplekeys = no
+}