Table of Contents
Advertisement
Chapter 16. Pluggable Authent...
3. PAM Configuration File Format
Each PAM configuration file contains a group of directives formatted as follows:
<module interface><control flag><module name><module arguments>
Each of these elements are explained in the subsequent sections.
3.1. Module Interface
There are four types of PAM module interfaces which correlate to different aspects of the
authorization process:
•
— This module interface authenticates use. For example, it asks for and verifies the
auth
validity of a password. Modules with this interface can also set credentials, such as group
memberships or Kerberos tickets.
•
— This module interface verifies that access is allowed. For example, it may check if
account
a user account is expired or is allowed to log in at a particular time of day.
•
— This module interface sets and verifies passwords.
password
•
— This module interface configures and manages user sessions. Modules with this
session
interface can also perform additional tasks that are needed to allow access, like mounting a
user's home directory and making the user's mailbox available.
Note
An individual module can provide any or all module interfaces. For instance,
pam_unix.so
In a PAM configuration file, the module interface is the first field defined. For example, a typical
line in a configuration may look like this:
auth required pam_unix.so
This instructs PAM to use the
3.1.1. Stacking Module Interfaces
Module interface directives can be stacked, or placed upon one another, so that multiple
modules are used together for one purpose. For this reason, the order in which the modules are
listed is very important to the authentication process.
298
provides all four module interfaces.
module's
pam_unix.so
interface.
auth
Advertisement
Table of Contents
