PAM Modules
Each PAM module implements a specific mechanism. When setting up PAM authentication, you need to specify both the module and the module type, which defines what the module will do. More than one module type (auth, account, session, or password) may be associated with each module.
The following list describes each of the PAM modules.
-
The pam_unix module, /usr/lib/security/pam_unix.so.1, provides support for authentication, account management, session management, and password management. Any of the four module type definitions can be used with this module (see the pam_unix(5) man page). It uses UNIX passwords for authentication. In the Solaris environment, the selection of appropriate name services to get password records is controlled through the /etc/nsswitch.conf file.
-
The dial_auth module, /usr/lib/security/pam_dial_auth.so.1, can only be used for authentication (see the pam_dial_auth(5) man page). It uses data stored in the /etc/dialups and /etc/d_passwd files for authentication. This is mainly used by login.
-
The rhosts_auth module, /usr/lib/security/pam_rhosts_auth.so.1, can also only be used for authentication (see the pam_rhosts_auth(5) man page). It uses data stored in the ~/.rhosts and /etc/host.equiv files through ruserok(). This is mainly used by the rlogin and rsh commands.
For security reasons, these module files must be owned by root and must not be writable through group or other permissions. If the file is not owned by root, PAM will not load the module.
- © 2010, Oracle Corporation and/or its affiliates