The syntax of the /etc/pam.conf configuration file is as follows:
- The file is made up of a list of rules,
- each rule is typically placed on a single line, but may be extended with an escaped end of line: `\<LF>'. \
- Comments are preceded with "#" marks and extend to the next end of line.
The format of each rule is a space separated collection of tokens, the first three being case-insensitive:
type control module module-arguments
Configuration File Structure#
There are tow file structures in use.
- pam.conf - A single file that contains the configuration
- pam.d - A directory structure that has sub directories for each service.
The syntax of files contained in the /etc/pam.d/ directory, are identical except for the absence of any service field. In this case, the service is the name of the file in the /etc/pam.d/ directory. This filename must be in lower case.
An important feature of PAM, is that a number of rules may be stacked to combine the services of a number of PAMs for a given authentication task.
The service is typically the familiar name of the corresponding application: login and su are good examples. The service-name, other, is reserved for giving default rules. Only lines that mention the current service (or in the absence of such, the other entries) will be associated with the given service-application.
The PAM Service Types is the management group that the rule corresponds to. It is used to specify which of the management groups the subsequent module is to be associated with. Valid type entries
There might be more information for this subject on one of the following: