Configuring PAM and consolehelper
Fedora uses the Pluggable Authentication Module (PAM) system to handle user authentication and identity changes. As the name implies, PAM is modular and configurable, enabling you to change the authentication (and authorization) setup on your system without programming.
How Do I Do That?
PAM configuration files are stored in /etc/pam.d, with one file per configured service. Each file is written in plain text and consists of at least three fields separated by spaces. The entries in these files are divided into four categories according to the first field, which identifies the module type. Possible values are:
-
auth Authentication configuration (determining who is logging in).
-
account Non-authentication-based access control, such as restricting activities by time of day.
-
password Password changes or other authentication token updates (such as recording a new retinal scan or fingerprint).
-
session Setup of the post-login session and environment.
The entries for a given module type are executed in sequence. For example, when performing authentication, the modules listed on the auth lines are executed in sequence.
The second field in each entry is called the control flag and determines the action taken when the module succeeds or fails. Possible values are:
-
required The module must succeed for the module type to succeed. Regardless of whether the module fails or succeeds, processing will continue with the next line (other modules of the same module type ...
Get Fedora Linux now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
