PAM Configuration Files

The directory /etc/pam.d/ contains the PAM configuration files for PAM-aware applications. In earlier versions of PAM, the file /etc/pam.conf was used, but this file is now deprecated. The pam.conf file is only read if the /etc/pam.d/ directory is not found.

Each PAM-aware application (or service, as applications designed to be used by many users are commonly known) has its own file within the /etc/pam.d/ directory.

These files have a specific layout containing calls to modules usually located in the /lib/security/ directory. Additionally, each line within a PAM configuration file must specify a module type, a control flag, a path to the module, and, sometimes, module arguments.

PAM Service Names

Each PAM configuration file in the /etc/pam.d/ directory is named after the service for which it controls access. It is up to the PAM-aware program to define its service name and install its PAM configuration file in the pam.d directory. For example, the login program defines its service name as /etc/pam.d/login.

In general, the service name is the name of the program used to access the service, not the program used to provide the service. This is why the service wu-ftpd, defines its service name as /etc/pam.d/ftp.

The next four sections will describe the basic format of PAM configuration files and how they use PAM modules to perform authentication for PAM-aware applications.