Introduction to Linux-PAM

The Linux-PAM package contains Pluggable Authentication Modules. This is useful to enable the local system administrator to choose how applications authenticate users.

Package information

Linux-PAM dependencies




sgmltools-lite and Berkeley DB-4.3.27 (for pam_userdb module)

Installation of Linux-PAM

Install Linux-PAM by running the following commands:

patch -Np1 -i ../Linux-PAM-0.78-linkage-2.patch &&
autoconf &&
sed -i 's/(mandir)/(MANDIR)/g' modules/Simple.Rules &&
./configure --enable-static-libpam --with-mailspool=/var/mail \
    --enable-read-both-confs --sysconfdir=/etc &&

Now, as the root user:

make install &&
mv /lib/libpam.a /lib/libpam_misc.a /lib/libpamc.a /usr/lib &&
rm /lib/libpam{,c,_misc}.so &&
ln -sf ../../lib/ /usr/lib/ &&
ln -sf ../../lib/ /usr/lib/ &&
ln -sf ../../lib/ /usr/lib/

Command explanations

autoconf: This is necessary because the patch changes where PAM looks for the cracklib libraries, requiring regeneration of the configure script.

sed -i 's/(mandir)/(MANDIR)/g' modules/Simple.Rules: This command puts the module manpages with the rest of the manpages in /usr/share/man.

--enable-static-libpam: This switch builds static PAM libraries as well as the dynamic libraries.

--with-mailspool=/var/mail: This switch makes the mailspool directory FHS compliant.

--enable-read-both-confs: This switch lets the local administrator choose which configuration file setup to use.

mv /lib/libpam.a /lib/libpam_misc.a /lib/libpamc.a /usr/lib: This command moves the static libraries to /usr/lib to comply with FHS guidelines.

rm /lib/libpam{,c,_misc}.so; ln -sf ... /usr/lib/...: These commands move the .so symlinks from /lib to /usr/lib.

Configuring Linux-PAM

Config files

/etc/pam.d/* or /etc/pam.conf

Configuration Information

Configuration information is placed in /etc/pam.d/ or /etc/pam.conf depending on user preference. Below are example files of each type:

# Begin /etc/pam.d/other

auth            required     nullok
account         required
session         required
password        required     nullok

# End /etc/pam.d/other

# Begin /etc/pam.conf

other           auth            required     nullok
other           account         required
other           session         required
other           password        required     nullok

# End /etc/pam.conf

The PAM man page (man pam) provides a good starting point for descriptions of fields and allowable entries. The Linux-PAM guide for system administrators is recommended for further reading.

Refer to for a list of various modules available.



You should now reinstall the Shadow- package.


Installed Program: unix_chkpwd and pam_tally
Installed Libraries: libpam.[so,a], libpamc.[so,a] and libpam_misc.[so,a]
Installed Directories: /etc/pam.d, /etc/security, /lib/security and /usr/include/security

Short Descriptions


checks user passwords that are stored in read protected databases.


provide the interfaces between applications and the PAM modules.

Last updated on 2005-03-17 20:30:11 -0700