Title: pam config notes Subject: how to use the Pluggable Authentication Module PAM= Pluggable Authentication Module Format For Files In /etc/pam.d/ # Each line is unique # space separated collection of tokens, # first three being case-insensitive TYPE CONTROL module-path module-arguments TYPE: ---------------------------------------------------- account - account verification. i.e. is account expired, does user have perms? auth - establish user is who they say with a challenge responce. password - to update a password session - maintenance of audit trails mounting users home directory CONTROL: behavior if the module should fail ---------------------------------------------------- requisite - failure of such a PAM results in the immediate termination of the authentication process; required - failure of such a PAM will ultimately lead to the PAM-API returning failure but only after the remaining stacked modules (for this service and type) have been invoked; sufficient - success of such a module is enough to satisfy the authentication requirements of the stack of modules (if a prior required module has failed the success of this one is ignored); optional - the success or failure of this module is only important if it is the only module in the stack associated with this service+type.