PAM ‐ Pluggable Authentication Modules for Linux - toge510/homelab GitHub Wiki

What is PAM

Linux-PAM is a system of libraries that handle the authentication tasks of applications (services) on the system. The library provides a stable general interface (Application Programming Interface - API) that privilege-granting programs defer to in order to perform standard authentication tasks.

/etc/pam.d

/etc/pam.d is the Linux-PAM configuration directory. Generally, if this directory is present, the /etc/pam.conf file is ignored.

  • Format of each rule line: type control module-path module-arguments
    • type (the management group the rule belongs to):
      • account
      • auth (authentication)
      • password
      • session

Example: /etc/pam.d/su

.
.
.
# This allows root to su without passwords (normal operation)
auth       sufficient pam_rootok.so

# Uncomment this to force users to be a member of group wheel
# before they can use `su'. You can also add "group=foo"
# to the end of this line if you want to use a group other
# than the default "wheel" (but this may have side effect of
# denying "root" user, unless she's a member of "foo" or explicitly
# permitted earlier by e.g. "sufficient pam_rootok.so").
# (Replaces the `SU_WHEEL_ONLY' option from login.defs)
# auth       required   pam_wheel.so

# Uncomment this if you want wheel members to be able to
# su without a password.
# auth       sufficient pam_wheel.so trust

# Uncomment this if you want members of a specific group to not
# be allowed to use su at all.
# auth       required   pam_wheel.so deny group=nosu
.
.
.
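
To check which of these pam_wheel.so options are actually active in a given su file, the rule format above can be parsed and audited. This is an added example, not part of the original wiki page or of Linux-PAM: the function names parse_pam and audit_su and the sample file are constructed here. It goes slightly beyond the page by also accepting bracketed control fields and a leading "-" on the type, and it assumes one rule per line (no backslash continuations).

```python
import re

TYPES = {"account", "auth", "password", "session"}
RULE = re.compile(r"(-?)(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)")

# Constructed sample: the su file above with two wheel lines uncommented.
SAMPLE_SU = """\
auth       sufficient pam_rootok.so
# auth       required   pam_wheel.so
auth       sufficient pam_wheel.so trust
auth       required   pam_wheel.so deny group=nosu
auth       [success=1 default=ignore] pam_unix.so nullok
"""

def parse_pam(text):
    """Parse active rules: type control module-path module-arguments."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # '#' starts a comment
        if not line or line.startswith("@include"):  # Debian-style include, skipped
            continue
        m = RULE.fullmatch(line)
        if not m or m.group(2) not in TYPES:
            raise ValueError(f"line {lineno}: not a PAM rule: {raw!r}")
        rules.append({"line": lineno, "type": m.group(2), "control": m.group(3),
                      "module": m.group(4), "args": m.group(5).split()})
    return rules

def audit_su(rules):
    """Report how active pam_wheel.so auth rules change who may use su."""
    findings, restricted = [], False
    for r in rules:
        if r["type"] != "auth" or r["module"] != "pam_wheel.so":
            continue
        group = next((a[6:] for a in r["args"] if a.startswith("group=")), "wheel")
        if "deny" in r["args"]:
            findings.append((r["line"], f"members of {group} are denied su"))
        elif "trust" in r["args"] and r["control"] == "sufficient":
            findings.append((r["line"], f"members of {group} su without a password"))
        elif r["control"] == "required":
            restricted = True
            findings.append((r["line"], f"su restricted to members of {group}"))
    if not restricted:  # line 0 marks a file-level finding
        findings.append((0, "su is not restricted to a group"))
    return findings

if __name__ == "__main__":
    for line, msg in audit_su(parse_pam(SAMPLE_SU)):
        print(f"line {line}: {msg}")
```

Commented-out rules are ignored, so the report reflects only what PAM would evaluate.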