PAM Service Types

Overview #

The PAM Service Types is the management group that the rule corresponds to. The PAM Service Types is used to specify which of the management groups the subsequent module is to be associated with. Valid entries are described below.

account #

The account module type performs non-authentication based account management.

The account module is typically used to restrict/permit access to a service based on the time of day, currently available system resources (maximum number of users) or perhaps the location of the applicant user -- 'root' login only on the console.

Used for determining whether the current user's account is valid. Modules that provide this service can check password or account expiration and time-restricted access.

auth #

The auth module type provides two aspects of authenticating the user. Firstly, it establishes that the user is who they claim to be, by instructing the application to prompt the user for a password or other means of identification. Secondly, the module can grant group membership or other privileges through its credential granting properties.

Used for granting users access to an account or service. Modules that provide this service authenticate users and set up user credentials.

password #

The password module type is required for updating the authentication token associated with the user. Typically, there is one module for each 'challenge/response' based authentication (auth) type.

Used for For enforcing password strength rules and performing authentication token updates.

session #

The session module type is associated with doing things that need to be done for the user before/after they can be given service. Such things include the logging of information concerning the opening/closing of some data exchange with a user, mounting directories, etc. Used For setting up and terminating login sessions.

An individual module can provide any or all interfaces for PAM Types. For instance, pam_unix.so module provides all four interfaces for PAM Types.

More Information #

There might be more information for this subject on one of the following: