Eikonal Blog

2011.03.11

PAM (Pluggable Authentication Modules)

Filed under: infosec, unix — Tags: , , — sandokan65 @ 16:14

Articles

Roles of PAM files

  • /etc/pam.conf – all-in-one configuration file for early versions of PAM. It may still be used in some modern versions.
  • /etc/pam.d/ – directory containing configurations files for each of separately configured program
  • /etc/pam.d/other – the default config file regulating all files that do not have their own separate PAM config file
  • /etc/pam.d/login
  • /etc/pam.d/system-auth
  • /etc/pam.d/sshd
  • /etc/pam.d/su
  • /etc/pam.d/gdm – the GNOME Display Manager PAM file.
    • Example (from http://ubuntuforums.org/showthread.php?t=1506759):
      #%PAM-1.0
      auth    requisite       pam_nologin.so
      auth    required        pam_env.so readenv=1
      auth    required        pam_env.so readenv=1 envfile=/etc/default/locale
      auth    sufficient      pam_succeed_if.so user ingroup nopasswdlogin
      @include common-auth
      auth    optional        pam_gnome_keyring.so
      @include common-account
      session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
      session required        pam_limits.so
      @include common-session
      session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
      session optional        pam_gnome_keyring.so auto_start
      @include common-password
      

Syntax of config files

Each line has format:

    module-type   control-flag   module-path   arguments

PAM modules

  • pam_deny.so module –
  • pam_permit.so module –
  • pam_warn.so module – used to interface to syslog

2 Comments »

  1. […] PAM (Pluggable Authentication Modules) – https://eikonal.wordpress.com/2011/03/11/pam […]

    Like

    Pingback by Passwords related postings « Eikonal Blog — 2011.05.12 @ 12:44


RSS feed for comments on this post. TrackBack URI

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Blog at WordPress.com.

%d bloggers like this: