16.3. PAM Configuration File Format
<module interface> <control flag> <module name> <module arguments>
16.3.1. Module Interface
auth— This module interface authenticates use. For example, it asks for and verifies the validity of a password. Modules with this interface can also set credentials, such as group memberships or Kerberos tickets.
account— This module interface verifies that access is allowed. For example, it may check if a user account is expired or is allowed to log in at a particular time of day.
password— This module interface sets and verifies passwords.
session— This module interface configures and manages user sessions. Modules with this interface can also perform additional tasks that are needed to allow access, like mounting a user's home directory and making the user's mailbox available.
pam_unix.soprovides all four module interfaces.
auth required pam_unix.so
220.127.116.11. Stacking Module Interfaces
rloginnormally uses five stacked
authmodules, as seen in its PAM configuration file:
auth required pam_nologin.so auth required pam_securetty.so auth required pam_env.so auth sufficient pam_rhosts_auth.so auth required pam_stack.so service=system-auth
rlogin, PAM verifies that the
/etc/nologinfile does not exist, that they are not trying to log in remotely as a root user over a network connection, and that any environmental variables can be loaded. Then, if a successful
rhostsauthentication is performed, the connection is allowed. If the
rhostsauthentication fails, then standard password authentication is performed.