Ubuntu - PAM - Configure PAM

The main configuration file for PAM is /etc/pam.conf, and the /etc/pam.d/ directory contains the PAM configuration files for each PAM-aware application or service.

PAM ignores /etc/pam.conf if the /etc/pam.d/ directory exists.

The syntax for the main configuration file is as follows.

service type control-flag module module-arguments 

where:

  • service: actual application name.
  • type: module type/context/interface.
  • control-flag: indicates the behavior of the PAM-API should the module fail to succeed in its authentication task.
  • module: the absolute filename or relative pathname of the PAM module.
  • module-arguments: space separated list of tokens for controlling module behavior.

The file is made up of a list of rules, each written on a single line.

You can extend rules over multiple lines using the “\” escape character. For example:

aaa \
bbb

The format of each rule is a space separated collection of tokens (the first three are case-insensitive).

Comments are preceded with “#” marks and extend to the next end of line.


Syntax of PAM config files

The syntax of each file in /etc/pam.d/ is similar to that of the main file and is made up of lines of the following form:

type control-flag module module-arguments

This is an example of a rule definition (without module-arguments) found in the /etc/pam.d/sshd file, which disallows non-root logins when /etc/nologin exists:

account required pam_nologin.so
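
The following parser is an added example, not part of the original page or of PAM itself. It reads both syntaxes described above (the five-field /etc/pam.conf form and the four-field /etc/pam.d/ form), joining "\" continuations, dropping "#" comments and lower-casing the case-insensitive tokens. The sample input is constructed, the function names are hypothetical, and only the simple whitespace-separated syntax shown on this page is handled.

```python
# Constructed sample input for illustration; not taken from a real system.
SAMPLE_PAM_CONF = """\
# service type control-flag module module-arguments
sshd  ACCOUNT  Required  pam_nologin.so
sshd  auth     required  pam_unix.so \\
      nullok   try_first_pass   # trailing comment
"""
SAMPLE_PAM_D_SSHD = "account required pam_nologin.so\n"


def logical_lines(text):
    """Yield one rule per logical line: comments removed, '\\' lines joined."""
    pending = ""
    for raw in text.splitlines():
        raw = raw.split("#", 1)[0].rstrip()   # comment runs to end of line
        if raw.endswith("\\"):                # rule continues on next line
            pending += raw[:-1] + " "
            continue
        line = (pending + raw).strip()
        pending = ""
        if line:
            yield line
    if pending.strip():                       # dangling continuation at EOF
        yield pending.strip()


def parse_rules(text, service=None):
    """Parse PAM rules into dicts.

    service=None   -> /etc/pam.conf syntax (service is the first token).
    service="name" -> /etc/pam.d/name syntax (service comes from the file name).
    """
    rules = []
    for line in logical_lines(text):
        tokens = line.split()
        svc = service
        if svc is None:
            svc, tokens = tokens[0], tokens[1:]
        if len(tokens) < 3:
            raise ValueError(f"incomplete PAM rule: {line!r}")
        rules.append({
            "service": svc.lower(),           # case-insensitive tokens
            "type": tokens[0].lower(),
            "control": tokens[1].lower(),
            "module": tokens[2],              # path kept exactly as written
            "args": tokens[3:],
        })
    return rules


if __name__ == "__main__":
    for rule in parse_rules(SAMPLE_PAM_CONF):
        print(rule)
```

Both forms of the pam_nologin.so rule parse to the same record, which makes it practical to audit a host's rules uniformly whichever layout it uses.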
ubuntu/pam/configure_pam.1575204678.txt.gz · Last modified: 2020/07/15 09:30 (external edit)
