The PAM Configuration File Format
Configuring PAM means editing its configuration files. The format of these files is fairly simple, but these files use a number of options that aren’t immediately obvious to the uninitiated. You must also know something about how the PAM configuration file works with multiple modules. These modules can also interact in unintuitive ways.
PAM Configuration Files and Fields
In order to implement its design goals, PAM uses one or more
configuration files: either a file called
/etc/pam.conf or files in the
/etc/pam.d directory named after the particular
systems they control. The /etc/pam.d directory
is more common in Linux; this approach enables packages to add files
to the directory for their services, without having to modify
/etc/pam.conf.
Warning
When reconfiguring PAM, you can easily render your system unable to
support logins. Thus, I recommend experimenting with one login server
at a time, leaving yourself some way to log in should you create an
inoperable system. For instance, experiment with the
login service and leave the gdm
or xdm service alone. Some distributions use the
pam_stack.so module (described shortly) to
control many login servers. With such a system, you may need to back
up its original configuration file and leave a root session running to be sure you can undo
any disastrous mistake without logging in anew.
The /etc/pam.conf file entries are similar to
the contents of files in /etc/pam.d. The
principle difference is that the /etc/pam.conf ...
Get Linux in a Windows World now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
