From 8f5ef272981beb3fafcb290c478c063b5b36555c Mon Sep 17 00:00:00 2001
From: "Alan T. DeKok" <aland@freeradius.org>
Date: Fri, 9 Jul 2010 10:27:36 +0200
Subject: [PATCH] Updated documentation

---
 raddb/modules/passwd | 39 +++++++++++++++++++++++++++++++++------
 1 file changed, 33 insertions(+), 6 deletions(-)

diff --git a/raddb/modules/passwd b/raddb/modules/passwd
index 7e44256..b7ac2a9 100644
--- a/raddb/modules/passwd
+++ b/raddb/modules/passwd
@@ -3,29 +3,56 @@
 #  $Id$
 
 # passwd module allows to do authorization via any passwd-like
-# file and to extract any attributes from these modules
+# file and to extract any attributes from these files.
+#
+#  See the "smbpasswd" and "etc_group" files for more examples.
 #
 # parameters are:
 #   filename - path to filename
+#
 #   format - format for filename record. This parameters
 #            correlates record in the passwd file and RADIUS
 #            attributes.
 #
-#            Field marked as '*' is key field. That is, the parameter
+#            Field marked as '*' is a key field. That is, the parameter
 #            with this name from the request is used to search for
 #            the record from passwd file
-#            Attribute marked as '=' is added to reply_itmes instead
+#
+#            Attributes marked as '=' are added to reply_items instead
 #            of default configure_itmes
-#	     Attribute marked as '~' is added to request_items
+#
+#	     Attributse marked as '~' are added to request_items
 #
 #            Field marked as ',' may contain a comma separated list
 #            of attributes.
+#
 #   hashsize - hashtable size. If 0 or not specified records are not
-#            stored in memory and file is red on every request.
-#   allowmultiplekeys - if few records for every key are allowed
+#            stored in memory and file is read on every request.
+#	     This configuration is *not* recommended, as it can be
+#	     very slow.  The "passwd" module reloads its configuration
+#	     on HUP, so setting "hashsize = 0" is unnecessary.
+#
+#   allowmultiplekeys - if many records for a key are allowed
+#
 #   ignorenislike - ignore NIS-related records
+#
 #   delimiter - symbol to use as a field separator in passwd file,
 #            for format ':' symbol is always used. '\0', '\n' are
 #	     not allowed 
 #
 
+#  An example configuration for using /etc/passwd.
+#
+#  We do NOT recommend using the configuration below.  See the "unix"
+#  module, or the "pam" module for a cleaner way to get system passwords.
+#  Using this configuration means that the server will find *only* those
+#  passwords which are in /etc/passwd, and will *ignore* all of the
+#  passwords in NIS, LDAP, etc.
+#
+passwd etc_passwd {
+	filename = /etc/passwd
+	format = "*User-Name:Crypt-Password:"
+	hashsize = 100
+	ignorenislike = no
+	allowmultiplekeys = no
+}
-- 
2.1.4