Follow Techotopia on Twitter

On-line Guides
All Guides
eBook Store
iOS / Android
Linux for Beginners
Office Productivity
Linux Installation
Linux Security
Linux Utilities
Linux Virtualization
Linux Kernel
System/Network Admin
Scripting Languages
Development Tools
Web Development
GUI Toolkits/Desktop
Mail Systems
Eclipse Documentation

How To Guides
General System Admin
Linux Security
Linux Filesystems
Web Servers
Graphics & Desktop
PC Hardware
Problem Solutions
Privacy Policy




openSUSE 11.1 Reference Guide
Previous Page Home Next Page

19.4 Configuring PAM Using pam-config

The pam-config tool helps you configure the global PAM configuration files under /etc/pam.d/common-*-pc as well as several selected application configurations. For a list of supported modules, use the command pam-config --list-modules. Use the pam-config command to maintain your PAM configuration files. Add new modules to your PAM configurations, delete other modules or modify options to these modules. When changing global PAM configuration files, no manual tweaking of the PAM setup for individual applications is required.

A simple real-world use case for pam-config would involve the following:

  1. Auto-generate a fresh Unix-style PAM configuration. Let pam-config create the simplest possible setup which you can extend later on. The pam-config --create command creates a simple UNIX authentication configuration. Pre-existing configuration files not maintained by pam-config are overwritten, but backup copies are kept as *.pam-config-backup.

  2. Add a new authentication method. Adding a new authentication method (for example, LDAP) to your stack of PAM modules comes down to a simple pam-config --add --ldap command. LDAP is added wherever appropriate across all common-*-pc PAM configuration files.

  3. Add debugging for test purposes. To make sure the new authentication procedure works as planned, turn on debugging for all PAM-related operations. The pam-config --add --ldap-debug turns on debugging for LDAP-related PAM operations. Find the debugging output in /var/log/messages.

  4. Query your setup. Before you finally apply your new PAM setup, check whether it contains all the options you planned to add. The pam-config --query --module lists both the type and the options for the queried PAM module.

  5. Remove the debug options. Finally, remove the debug option from your setup when you are entirely satisfied with the performance of it. The pam-config --delete --ldap-debug turns of debugging for LDAP authentication. In case you had debugging options added for other modules, use similar commands to turn these off.

When you create your PAM configuration files from scratch using the pam-config --create command, it creates symbolic links from the common-* to the common-*-pc files. pam-config only modifies the common-*-pc configuration files. Removing these symbolic links effectively disable pam-config, because pam-config only operates on the common-*-pc files and these files are not put into effect without the symbolic links.

For more information on the pam-config command and the options available, refer to the manual page of pam-config, pam-config(8).

openSUSE 11.1 Reference Guide
Previous Page Home Next Page

  Published under the terms fo the GNU General Public License Design by Interspire