On this page
- The System Administrators' Guide
- 1. Introduction
- 2. Some comments on the text
- 3. Overview
- 4. The Linux-PAM configuration file
- 4.1. Configuration file syntax
- 5. Security issues
- 5.1. If something goes wrong
- 6. A reference guide for available modules
- 6.1. pam_access - logdaemon style login access control
- 6.1. pam_access - logdaemon style login access control
- 6.2. pam_cracklib - checks the password against dictionary words
- 6.3. pam_debug - debug the PAM stack
- 6.4. pam_deny - locking-out PAM module
- 6.5. pam_echo - print text messages
- 6.6. pam_env - set/unset environment variables
- 6.7. pam_exec - call an external command
- 6.8. pam_faildelay - change the delay on failure per-application
- 6.9. pam_filter - filter module
- 6.10. pam_ftp - module for anonymous access
- 6.11. pam_group - module to modify group access
- 6.12. pam_issue - add issue file to user prompt
- 6.13. pam_keyinit - display the keyinit file
- 6.14. pam_lastlog - display date of last login
- 6.15. pam_limits - limit resources
- 6.16. pam_listfile - deny or allow services based on an arbitrary file
- 6.17. pam_localuser - require users to be listed in /etc/passwd
- 6.18. pam_loginuid - record user's login uid to the process attribute
- 6.19. pam_mail - inform about available mail
- 6.20. pam_mkhomedir - create users home directory
- 6.21. pam_motd - display the motd file
- 6.22. pam_namespace - setup a private namespace
- 6.23. pam_nologin - prevent non-root users from login
- 6.24. pam_permit - the promiscuous module
- 6.25. pam_pwhistory - grant access using .pwhistory file
- 6.26. pam_rhosts - grant access using .rhosts file
- 6.27. pam_rootok - gain only root access
- 6.28. pam_securetty - limit root login to special devices
- 6.29. pam_selinux - set the default security context
- 6.30. pam_shells - check for valid login shell
- 6.31. pam_succeed_if - test account characteristics
- 6.32. pam_tally - login counter (tallying) module
- 6.33. pam_tally2 - login counter (tallying) module
- 6.34. pam_time - time controlled access
- 6.35. pam_timestamp - authenticate using cached successful authentication attempts
- 6.36. pam_umask - set the file mode creation mask
- 6.37. pam_unix - traditional password authentication
- 6.38. pam_userdb - authenticate against a db database
- 6.39. pam_warn - logs all PAM items
- 6.40. pam_wheel - only permit root access to members of group wheel
- 6.41. pam_xauth - forward xauth keys between users
- 7. See also
- 8. Author/acknowledgments
- 9. Copyright information for this document
- The Module Writers' Guide
- 1. Introduction
- 1.1. Description
- 2. What can be expected by the module
- 2.1. Getting and setting PAM_ITEMs and data
- 3. What is expected of a module
- 3.1. Overview
- 3.1. Overview
- 3.1.1. Functional independence
- 3.2. Authentication management
- 3.2.1. Service function for user authentication
- 3.3. Account management
- 3.3.1. Service function for account management
- 3.4. Session management
- 3.4.1. Service function to start session management
- 3.5. Authentication token management
- 3.5.1. Service function to alter authentication token
- 4. Generic optional arguments
- 5. Programming notes
- 5.1. Security issues for module creation
- 6. An example module
- 7. See also
- 8. Author/acknowledgments
- 9. Copyright information for this document
- The Application Developers' Guide
- 1. Introduction
- 1.1. Description
- 2. Overview
- 3. The public interface to Linux-PAM
- 3.1. What can be expected by the application
- 3.1. What can be expected by the application
- 3.1.1. Initialization of PAM transaction
- 3.1.1. Initialization of PAM transaction
- 3.1.2. Termination of PAM transaction
- 3.1.3. Setting PAM items
- 3.1.4. Getting PAM items
- 3.1.5. Strings describing PAM error codes
- 3.1.6. Request a delay on failure
- 3.1.7. Authenticating the user
- 3.1.8. Setting user credentials
- 3.1.9. Account validation management
- 3.1.10. Updating authentication tokens
- 3.1.11. Start PAM session management
- 3.1.12. terminating PAM session management
- 3.1.13. Set or change PAM environment variable
- 3.1.14. Get a PAM environment variable
- 3.1.15. Getting the PAM environment
- 3.2. What is expected of an application
- 3.2.1. The conversation function
- 3.3. Programming notes
- 4. Security issues of Linux-PAM
- 4.1. Care about standard library calls
- 5. A library of miscellaneous helper functions
- 5.1. Functions supplied
- 6. Porting legacy applications
- 7. Glossary of PAM related terms
- 8. An example application
- 9. Files
- 10. See also
- 11. Author/acknowledgments
- 12. Copyright information for this document