Linux - PAM (Pluggable Authentication Modules)

Table of Contents

About

Pluggable Authentication Modules

Management

UI

pam-auth-update

Configuration File

Syntax

The Syntax of each rule is a space separated collection of tokens, the first three being case-insensitive: 

service type control module-path module-arguments

where:

  • service is the name of a service where this line should apply
  • type is a security component that the pam module should implement:
    • account: security rule on user information
    • auth: security rule on authentication
    • password: security rule on password manipulation
    • session: security rule on session
  • control: describe what should happens if the module processing fails.
  • module-path generally only a relative path (name) of the module from the directory /lib64/security/ or /lib/security/
  • module-arguments: the argument of the module

The control include will include an other configuration file. For example, the below configuration will include the configuration /etc/pam.d/password-auth 

auth       include      password-auth

Scope

Global
cat /etc/pam.conf

# ---------------------------------------------------------------------------#
# /etc/pam.conf                                                              #
# ---------------------------------------------------------------------------#
#
# NOTE
# ----
#
# NOTE: Most program use a file under the /etc/pam.d/ directory to setup their
# PAM service modules. This file is used only if that directory does not exist.
# ---------------------------------------------------------------------------#

# Format:
# serv. module     ctrl       module [path]     ...[args..]                  #
# name  type       flag                                                      #

# The configuration of omi is generated by the omi installer.
omi auth required pam_env.so
omi auth required pam_unix.so nullok_secure
omi account required pam_unix.so
omi session required pam_limits.so
# End of section generated by the omi installer.
Per service

The directory /etc/pam.d/ is filled with files each of which has a filename equal to a service-name (in lower-case).

ie

  • It is the personal configuration file for the named service. For example, login contains the configuration for the login service.
  • The service-name other is reserved for giving default rules.

Syntax of each file is the same than in the global configuration but without the service as first name. 

type  control  module-path  module-arguments

List: 

ls -1 /etc/pam.d/

chfn
chpasswd
chsh
common-account
common-auth
common-password
common-session
common-session-noninteractive
cron
login
newusers
other
passwd
polkit-1
runuser
runuser-l
samba
sshd
su
sudo
systemd-user
vmtoolsd

where:

Documentation / Reference


Data (State)
Data (State)
DataBase
Data Processing
Data Quality
Data Structure
Data Type
Data Warehouse
Data Visualization
Data Partition
Data Persistence
Data Concurrency

Data Science
Data Analysis
Statistics
Data Science
Linear Algebra Mathematics
Trigonometry

Modeling
Process
Logical Data Modeling
Relational Modeling
Dimensional Modeling
Automata

Data Type
Number
Time
Text
Collection
Relation (Table)
Cube
Tree
Key/Value
Graph
Spatial
Color
Log

Measure Levels
Order
Nominal
Discrete
Distance
Ratio

Code
Compiler
Lexical Parser
Grammar
Function
Testing
Debugging
Shipping
Data Type
Versioning
Design Pattern

Infrastructure
Operating System
Cryptography
Security
File System
Network
Process (Thread)
Computer
PerfCounter
Infra As Code

Marketing
Advertising
Analytics
Email

Web
Html
Dom
Http
Url
Css
Javascript
Selector
Browser
Web Services
OAuth

Contact
[email protected]
Privacy Policy
Status

Powered by ComboStrap