PAM Linux quick & dirty guide
- set of libs to handle auth tasks
- dynamically configurable
- separated into 4 management groups:
- account: account verification. Has the password expired? Is the user permitted to access this service?
- authentication: who are you? Password verification
- password: responsible for updating the authentication mechanism
- session: tasks before and after the service: audit trails, mounting/unmounting
- rules may be stacked to combine the services of a number of PAMs for a given auth task
- rule line syntax in each file:
type control module-path module-arguments
- type: management group for the rule. Valid types are account, auth, password, session
- control: behavior of the PAM API should the module fail to authenticate. May be value=action pairs
- valid control values:
- requisite > failure means immediate termination
- required > failure is returned only after all the stacked modules have executed
- sufficient > success is enough to satisfy the auth requirements; the module stack exits
- optional > success is only important if it is the only module in the stack
- include (new in Linux) > includes the file given as the argument of this control
- complex control values: value=action value2=action2, ...
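An added example, not part of the original notes: a simplified Python model of how a stack of rules is evaluated under the four simple control values listed above. It does not handle include or value=action pairs, the sample stack is constructed for illustration, and the module outcomes are supplied by the caller rather than produced by real PAM modules.

```python
from collections import namedtuple

TYPES = {"account", "auth", "password", "session"}
CONTROLS = {"requisite", "required", "sufficient", "optional"}
Rule = namedtuple("Rule", "type control module args")

def parse_rule(line):
    """Split 'type control module-path module-arguments' into a Rule."""
    fields = line.split()
    if len(fields) < 3 or fields[0] not in TYPES:
        raise ValueError(f"not a PAM rule: {line!r}")
    if fields[1] not in CONTROLS:
        raise ValueError(f"control not modelled here: {fields[1]!r}")
    return Rule(fields[0], fields[1], fields[2], fields[3:])

def evaluate(rules, mgmt_type, outcomes):
    """Return (granted, modules_called) for one management group.
    outcomes maps module name -> True (success) or False (failure)."""
    failed = positive = False
    called = []
    for rule in (r for r in rules if r.type == mgmt_type):
        ok = outcomes[rule.module]
        called.append(rule.module)
        if ok:
            if rule.control == "sufficient" and not failed:
                return True, called      # success is enough: stack exits
            positive = True
        elif rule.control == "requisite":
            return False, called         # immediate termination
        elif rule.control == "required":
            failed = True                # remembered; rest of stack still runs
        # a failing 'sufficient' or 'optional' module does not decide the result
    return positive and not failed, called

# Constructed sample stack (illustrative selection of modules).
SAMPLE = """\
auth requisite pam_nologin.so
auth sufficient pam_unix.so try_first_pass
auth required pam_deny.so
session optional pam_motd.so
"""
RULES = [parse_rule(l) for l in SAMPLE.splitlines() if l.strip()]
```

Comparing the list of modules called across different outcomes shows which controls cut the stack short and which let it run to the end.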