The software described in this documentation is either in Extended Support or Sustaining Support. See https://www.oracle.com/us/support/library/enterprise-linux-support-policies-069172.pdf for more information.
Oracle recommends that you upgrade the software described by this documentation as soon as possible.
PAM provides system-entry applications with authentication and related security services for managing accounts, sessions, and passwords. Applications such as login, rlogin, and telnet are typical consumers of PAM services. The framework provides a uniform way for authentication-related activities to take place. This approach enables application developers to use PAM services without having to know the semantics of the policy. Algorithms are centrally supplied and can be modified independently of individual applications.
The PAM library is the central element in the PAM architecture. It exports an API (see the
pam(3)
manual page) that applications can call for authentication,
account management, credential establishment, session management, and password changes. The
libpam
library imports configuration files, either separate files under
/etc/pam.d
or the /etc/pam.conf
configuration file,
that specify the PAM module requirements for each available service.
Oracle Linux provides a PAM infrastructure that is similar to that on other platforms.
Although the functionality might be similar, there could be subtle differences between the
implementations. For example, PAM configuration is usually set by editing individual
configuration files located in the /etc/pam.d
directory. The presence of
this directory causes PAM to ignore the legacy PAM configuration file
/etc/pam.conf
.
PAM on Oracle Linux does not support the control value binding
that you
might find on other operating systems. When binding
is specified, if the
service module returns success and no preceding required modules return failures, PAM
immediately returns success without calling any subsequent modules. If a module returns
failure, PAM treat the failure as a required module failure, and continues to process the PAM
stack.