Linux PAM Guide - ryzendew/Linux-Tips-and-Tricks GitHub Wiki
Linux PAM Guide
Complete beginner-friendly guide to PAM (Pluggable Authentication Modules) on Linux, covering Arch Linux, CachyOS, and other distributions including authentication configuration, security policies, and user authentication.
Table of Contents
Understanding PAM
What is PAM?
PAM (Pluggable Authentication Modules) manages authentication.
Functions:
- Authentication: Verify user identity
- Authorization: Control access
- Session management: Manage user sessions
- Password management: Handle password policies
Why it matters:
- Security: Centralized authentication
- Flexibility: Modular authentication
- Policy control: Enforce security policies
PAM Configuration
Configuration Files
PAM configs:
# System PAM config
/etc/pam.d/
# Common configs
/etc/pam.d/login
/etc/pam.d/sudo
/etc/pam.d/passwd
Edit Configuration
Modify config:
# Edit PAM config
sudo vim /etc/pam.d/login
# Be careful - can lock you out
PAM Modules
Common Modules
Available modules:
- pam_unix: Traditional Unix authentication
- pam_ldap: LDAP authentication
- pam_sss: SSSD authentication
- pam_faillock: Account locking
- pam_cracklib: Password strength
Module Types
PAM types:
- auth: Authentication
- account: Account management
- session: Session management
- password: Password management
Common Configurations
Password Policy
Enforce strong passwords:
# Edit password config
sudo vim /etc/pam.d/passwd
Add:
password required pam_cracklib.so retry=3 minlen=8
password required pam_unix.so sha512 shadow
Account Locking
Lock after failed attempts:
# Edit login config
sudo vim /etc/pam.d/login
Add:
auth required pam_faillock.so preauth
auth required pam_faillock.so authfail
Troubleshooting
Authentication Errors
Check PAM:
# Test PAM config
pam_test
# Check logs
journalctl -u pam
Locked Out
Recovery:
# Boot from live USB
# Mount system
# Edit PAM config
# Or reset password
Summary
This guide covered PAM configuration, authentication modules, and security policies for Arch Linux, CachyOS, and other distributions.
Next Steps
- Security Configuration - Security setup
- User and Groups - User management
- PAM Documentation:
man pam
This guide covers Arch Linux, CachyOS, and other Linux distributions. For distribution-specific details, refer to your distribution's documentation.