Michael: Created page with "== Format of a PAM file == === login PAM === An important line is in the login PAM file. The first line of the file means that root users can only login through secure shel..."

2013-09-10T12:16:30Z

Created page with "== Format of a PAM file == === login PAM === An important line is in the login PAM file. The first line of the file means that root users can only login through secure shel..."

New page

== Format of a PAM file ==

=== login PAM ===

An important line is in the login PAM file. The first line of the file means that root users can only login through secure shells as defined in /etc/securetty file and unknown users are ignored.

The second line includes all of the auth directives from teh system-auth PAM.

<syntaxhighlight>
auth [user_unknown=ignore success=ok ignore=ignore default=bad] pam_securetty.so
auth include system-auth
</syntaxhighlight>

=== system-auth PAM ===

<syntaxhighlight>
auth required pam_env.so
auth sufficient pam_fprintd.so
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
auth required pam_deny.so
</syntaxhighlight>

The five directives are run in order. The first sets up the environment and is required to pass.

The next two are marked a sufficient. They check authentication through a finger print reader and the users password. One of these must succeed. The forth defines the requirement that the users UID must be over 500.

If these conditions fail the final line locks the user our of the system.

Redhat:PAM Format - Revision history

Michael: Created page with "== Format of a PAM file == === login PAM === An important line is in the login PAM file. The first line of the file means that root users can only login through secure shel..."