| <html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>The Linux-PAM System Administrators' Guide</title><meta name="generator" content="DocBook XSL Stylesheets Vsnapshot"><meta name="description" content="This manual documents what a system-administrator needs to know about the Linux-PAM library. It covers the correct syntax of the PAM configuration file and discusses strategies for maintaining a secure system."><link rel="home" href="Linux-PAM_SAG.html" title="The Linux-PAM System Administrators' Guide"><link rel="next" href="sag-introduction.html" title="Chapter 1. Introduction"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">The Linux-PAM System Administrators' Guide</th></tr><tr><td width="20%" align="left"> </td><th width="60%" align="center"> </th><td width="20%" align="right"> <a accesskey="n" href="sag-introduction.html">Next</a></td></tr></table><hr></div><div class="book"><div class="titlepage"><div><div><h1 class="title"><a name="sag"></a>The Linux-PAM System Administrators' Guide</h1></div><div><div class="authorgroup"><div class="author"><h3 class="author"><span class="firstname">Andrew G.</span> <span class="surname">Morgan</span></h3><code class="email"><<a class="email" href="mailto:morgan@kernel.org">morgan@kernel.org</a>></code></div><div class="author"><h3 class="author"><span class="firstname">Thorsten</span> <span class="surname">Kukuk</span></h3><code class="email"><<a class="email" href="mailto:kukuk@thkukuk.de">kukuk@thkukuk.de</a>></code></div></div></div><div><p class="releaseinfo">Version 1.1.2, 31. August 2010</p></div><div><div class="abstract"><p class="title"><b>Abstract</b></p><p>
        This manual documents what a system-administrator needs to know about
        the <span class="emphasis"><em>Linux-PAM</em></span> library. It covers the
        correct syntax of the PAM configuration file and discusses strategies
        for maintaining a secure system.
      </p></div></div></div><hr></div><div class="toc"><p><b>Table of Contents</b></p><dl class="toc"><dt><span class="chapter"><a href="sag-introduction.html">1. Introduction</a></span></dt><dt><span class="chapter"><a href="sag-text-conventions.html">2. Some comments on the text</a></span></dt><dt><span class="chapter"><a href="sag-overview.html">3. Overview</a></span></dt><dt><span class="chapter"><a href="sag-configuration.html">4. The Linux-PAM configuration file</a></span></dt><dd><dl><dt><span class="section"><a href="sag-configuration-file.html">4.1. Configuration file syntax</a></span></dt><dt><span class="section"><a href="sag-configuration-directory.html">4.2. Directory based configuration</a></span></dt><dt><span class="section"><a href="sag-configuration-example.html">4.3. Example configuration file entries</a></span></dt></dl></dd><dt><span class="chapter"><a href="sag-security-issues.html">5. Security issues</a></span></dt><dd><dl><dt><span class="section"><a href="sag-security-issues-wrong.html">5.1. If something goes wrong</a></span></dt><dt><span class="section"><a href="sag-security-issues-other.html">5.2. Avoid having a weak `other' configuration</a></span></dt></dl></dd><dt><span class="chapter"><a href="sag-module-reference.html">6. A reference guide for available modules</a></span></dt><dd><dl><dt><span class="section"><a href="sag-pam_access.html">6.1. pam_access - logdaemon style login access control</a></span></dt><dt><span class="section"><a href="sag-pam_cracklib.html">6.2. pam_cracklib - checks the password against dictionary words</a></span></dt><dt><span class="section"><a href="sag-pam_debug.html">6.3. pam_debug - debug the PAM stack</a></span></dt><dt><span class="section"><a href="sag-pam_deny.html">6.4. pam_deny - locking-out PAM module</a></span></dt><dt><span class="section"><a href="sag-pam_echo.html">6.5. pam_echo - print text messages</a></span></dt><dt><span class="section"><a href="sag-pam_env.html">6.6. pam_env - set/unset environment variables</a></span></dt><dt><span class="section"><a href="sag-pam_exec.html">6.7. pam_exec - call an external command</a></span></dt><dt><span class="section"><a href="sag-pam_faildelay.html">6.8. pam_faildelay - change the delay on failure per-application</a></span></dt><dt><span class="section"><a href="sag-pam_filter.html">6.9. pam_filter - filter module</a></span></dt><dt><span class="section"><a href="sag-pam_ftp.html">6.10. pam_ftp - module for anonymous access</a></span></dt><dt><span class="section"><a href="sag-pam_group.html">6.11. pam_group - module to modify group access</a></span></dt><dt><span class="section"><a href="sag-pam_issue.html">6.12. pam_issue - add issue file to user prompt</a></span></dt><dt><span class="section"><a href="sag-pam_keyinit.html">6.13. pam_keyinit - display the keyinit file</a></span></dt><dt><span class="section"><a href="sag-pam_lastlog.html">6.14. pam_lastlog - display date of last login</a></span></dt><dt><span class="section"><a href="sag-pam_limits.html">6.15. pam_limits - limit resources</a></span></dt><dt><span class="section"><a href="sag-pam_listfile.html">6.16. pam_listfile - deny or allow services based on an arbitrary file</a></span></dt><dt><span class="section"><a href="sag-pam_localuser.html">6.17. pam_localuser - require users to be listed in /etc/passwd</a></span></dt><dt><span class="section"><a href="sag-pam_loginuid.html">6.18. pam_loginuid - record user's login uid to the process attribute</a></span></dt><dt><span class="section"><a href="sag-pam_mail.html">6.19. pam_mail - inform about available mail</a></span></dt><dt><span class="section"><a href="sag-pam_mkhomedir.html">6.20. pam_mkhomedir - create users home directory</a></span></dt><dt><span class="section"><a href="sag-pam_motd.html">6.21. pam_motd - display the motd file</a></span></dt><dt><span class="section"><a href="sag-pam_namespace.html">6.22. pam_namespace - setup a private namespace</a></span></dt><dt><span class="section"><a href="sag-pam_nologin.html">6.23. pam_nologin - prevent non-root users from login</a></span></dt><dt><span class="section"><a href="sag-pam_permit.html">6.24. pam_permit - the promiscuous module</a></span></dt><dt><span class="section"><a href="sag-pam_pwhistory.html">6.25. pam_pwhistory - grant access using .pwhistory file</a></span></dt><dt><span class="section"><a href="sag-pam_rhosts.html">6.26. pam_rhosts - grant access using .rhosts file</a></span></dt><dt><span class="section"><a href="sag-pam_rootok.html">6.27. pam_rootok - gain only root access</a></span></dt><dt><span class="section"><a href="sag-pam_securetty.html">6.28. pam_securetty - limit root login to special devices</a></span></dt><dt><span class="section"><a href="sag-pam_selinux.html">6.29. pam_selinux - set the default security context</a></span></dt><dt><span class="section"><a href="sag-pam_shells.html">6.30. pam_shells - check for valid login shell</a></span></dt><dt><span class="section"><a href="sag-pam_succeed_if.html">6.31. pam_succeed_if - test account characteristics</a></span></dt><dt><span class="section"><a href="sag-pam_tally.html">6.32. pam_tally - login counter (tallying) module</a></span></dt><dt><span class="section"><a href="sag-pam_tally2.html">6.33. pam_tally2 - login counter (tallying) module</a></span></dt><dt><span class="section"><a href="sag-pam_time.html">6.34. pam_time - time controled access</a></span></dt><dt><span class="section"><a href="sag-pam_timestamp.html">6.35. pam_timestamp - authenticate using cached successful authentication attempts</a></span></dt><dt><span class="section"><a href="sag-pam_umask.html">6.36. pam_umask - set the file mode creation mask</a></span></dt><dt><span class="section"><a href="sag-pam_unix.html">6.37. pam_unix - traditional password authentication</a></span></dt><dt><span class="section"><a href="sag-pam_userdb.html">6.38. pam_userdb - authenticate against a db database</a></span></dt><dt><span class="section"><a href="sag-pam_warn.html">6.39. pam_warn - logs all PAM items</a></span></dt><dt><span class="section"><a href="sag-pam_wheel.html">6.40. pam_wheel - only permit root access to members of group wheel</a></span></dt><dt><span class="section"><a href="sag-pam_xauth.html">6.41. pam_xauth - forward xauth keys between users</a></span></dt></dl></dd><dt><span class="chapter"><a href="sag-see-also.html">7. See also</a></span></dt><dt><span class="chapter"><a href="sag-author.html">8. Author/acknowledgments</a></span></dt><dt><span class="chapter"><a href="sag-copyright.html">9. Copyright information for this document</a></span></dt></dl></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"> </td><td width="20%" align="center"> </td><td width="40%" align="right"> <a accesskey="n" href="sag-introduction.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top"> </td><td width="20%" align="center"> </td><td width="40%" align="right" valign="top"> Chapter 1. Introduction</td></tr></table></div></body></html>
 |