User is looked up using getpwnam() call, which usually looks into /etc/passwd file, but depending on NSS configuration it may also look up the user from eg. LDAP database.

Most commonly used as a user database.

The lookup is by default done in the auth worker processes. If you have only a small local passwd file, you can avoid having extra auth worker processes by disabling it:

userdb {
  driver = passwd
  args = blocking=no

Field overriding and extra fields

It’s possible to override fields from passwd and add User database extra fields with templates, but in v2.1+ it’s done in a better way by using override_fields.

For example:

userdb {
  driver = passwd
  # Pre-v2.1:
  #args = home=/var/mail/%u mail=maildir:/var/mail/%u/Maildir
  # v2.1+:
  override_fields = home=/var/mail/%u mail=maildir:/var/mail/%u/Maildir

This uses the UID and GID fields from passwd, but home directory is overridden. Also the default Mail Location Settings setting is overridden.

Passwd as a password database

Many systems use shadow passwords nowadays so passwd doesn’t usually work as a password database. BSDs are an exception to this, they still set the password field even with shadow passwords.

With FreeBSD, passwd doesn’t work as a password database because the password field is replaced by a *. But you can use Passwd-file.