Developer's Guide to Oracle Solaris 11 Security     Oracle Solaris 11.1 Information Library

PAM Configuration

The PAM configuration, in /etc/pam.conf or per-service policy files in /etc/pam.d, is used to configure PAM service modules for system services, such as login, rlogin, su, and cron. The system administrator manages the PAM configuration. An incorrect order of entries in /etc/pam.conf or the per-service policy files in /etc/pam.d can cause unforeseen side effects. For example, a badly configured pam.conf can lock out users so that single-user mode becomes necessary for repair. For information on PAM configuration, see PAM Configuration (Reference) in Oracle Solaris 11.1 Administration: Security Services.

Configuring PAM Through /etc/pam.d

Starting with the Oracle Solaris 11.1 release, PAM can also be configured through the per-service PAM policy files in the /etc/pam.d directory, in addition to the pam.conf file.

The /etc/pam.d directory contains files named using the value of PAM_SERVICE. For example, /etc/pam.d/telnet is the file to read for the telnet service. The syntax of the /etc/pam.d files is identical to that of /etc/pam.conf, except that the first column of the /etc/pam.conf file, which is the service name, is omitted.

Configuring PAM with the /etc/pam.d files has the following advantages:

The order given below is followed when searching for a configuration:

  1. /etc/pam.conf, for a named service entry

  2. /etc/pam.d/servicename

  3. /etc/pam.conf, for any other entry

  4. /etc/pam.d/other

This search order ensures that any customizations made to the /etc/pam.conf file are preserved when the system is upgraded via pkg(5) and that the policy is still active.
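The search order above, written out as a shell function that reports which file supplies the policy for a service. This is an added example, not code from the Oracle guide. It assumes an entry matches on exact service name and module type and that step 3 refers to the `other` service entry in pam.conf; the function names and the optional ROOT prefix are hypothetical.

```shell
#!/bin/sh
# Added example: which file supplies the PAM policy for a service?
# Usage: pam_policy_source SERVICE MODULE_TYPE [ROOT]
# ROOT is a hypothetical prefix so a copied /etc tree can be audited offline.
# Assumption: matching is exact on service name and module type;
# backslash line continuations are not handled.

# has_conf_entry FILE SERVICE TYPE
# True if the pam.conf-style FILE has a non-comment line whose first two
# columns are SERVICE and TYPE.
has_conf_entry() {
    [ -r "$1" ] && awk -v s="$2" -v t="$3" '
        /^[ \t]*#/ { next }
        $1 == s && $2 == t { found = 1; exit }
        END { exit !found }' "$1"
}

# has_d_entry FILE TYPE
# Same check for an /etc/pam.d file: the service column is omitted there,
# so the module type is the first column.
has_d_entry() {
    [ -r "$1" ] && awk -v t="$2" '
        /^[ \t]*#/ { next }
        $1 == t { found = 1; exit }
        END { exit !found }' "$1"
}

# Walk the four steps in order and print the first source that matches.
pam_policy_source() {
    svc=$1
    mtype=$2
    root=${3:-}
    conf="$root/etc/pam.conf"
    dir="$root/etc/pam.d"
    if   has_conf_entry "$conf" "$svc" "$mtype"; then echo "$conf ($svc)"
    elif has_d_entry "$dir/$svc" "$mtype";        then echo "$dir/$svc"
    elif has_conf_entry "$conf" other "$mtype";   then echo "$conf (other)"
    elif has_d_entry "$dir/other" "$mtype";       then echo "$dir/other"
    else echo "no policy found"; return 1
    fi
}
```

Because step 1 comes first, a leftover service entry in /etc/pam.conf shadows a newer /etc/pam.d/servicename file, which is worth checking when a change to a per-service file appears to have no effect.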

See Privileges (Overview) in Oracle Solaris 11.1 Administration: Security Services for additional information.