Introduction to Linux PAM

The Linux PAM package contains Pluggable Authentication Modules used to enable the local system administrator to choose how applications authenticate users.

This package is known to build using an LFS 7.4 platform but has not been tested.

Package Information

Additional Downloads

Optional Documentation

Linux PAM Dependencies


Berkeley DB-6.0.20, CrackLib-2.9.0, libtirpc-0.2.3 and Prelude

Optional (To Rebuild the Documentation)

docbook-xml-4.5, docbook-xsl-1.78.1, fop-1.1, libxslt-1.1.28 and w3m-0.5.3

User Notes:

Installation of Linux PAM

If you downloaded the documentation, unpack the tarball by issuing the following command.

tar -xf ../Linux-PAM-1.1.7-docs.tar.bz2 --strip-components=1

Install Linux PAM by running the following commands:

./configure --prefix=/usr \
            --sysconfdir=/etc \
            --docdir=/usr/share/doc/Linux-PAM-1.1.7 \
            --disable-nis &&

To test the results, a configuration file must be created. This file will be removed after the tests have completed. Ensure there are no errors produced by the tests before continuing the installation. First create the configuration file by issuing the following commands as the root user:

install -v -m755 -d /etc/pam.d &&

cat > /etc/pam.d/other << "EOF"
auth     required
account  required
password required
session  required

Now run the tests by issuing make check.

Remove the configuration file created earlier by issuing the following command as the root user:

rm -rfv /etc/pam.d

Now, as the root user:

make install &&
chmod -v 4755 /sbin/unix_chkpwd

Command Explanations

--disable-nis: This switch disables building of the Network Information Service/Yellow Pages support in pam_unix and pam_access modules. Remove it if you have installed libtirpc-0.2.3.

chmod -v 4755 /sbin/unix_chkpwd: The unix_chkpwd helper program must be setuid so that non-root processes can access the shadow file.

Configuring Linux-PAM

Config Files

/etc/security/* and /etc/pam.d/*

Configuration Information

Configuration information is placed in /etc/pam.d/. Below is an example file:

# Begin /etc/pam.d/other

auth            required     nullok
account         required
session         required
password        required     nullok

# End /etc/pam.d/other

The PAM man page (man pam) provides a good starting point for descriptions of fields and allowable entries. The Linux-PAM System Administrators' Guide is recommended for additional information.

Refer to for a list of various third-party modules available.



You should now reinstall the Shadow- package.


Installed Program: mkhomedir_helper, pam_tally, pam_tally2, pam_timestamp_check, unix_chkpwd and unix_update
Installed Libraries:, and
Installed Directories: /etc/security, /lib/security, /usr/include/security and /usr/share/doc/Linux-PAM-1.1.7

Short Descriptions


is a helper binary that creates home directories.


is used to interrogate and manipulate the login counter file.


is used to interrogate and manipulate the login counter file, but does not have some limitations that pam_tally does.


is used to check if the default timestamp is valid


is a helper binary that verifies the password of the current user.


is a helper binary that updates the password of a given user.

provides the interfaces between applications and the PAM modules.

Last updated on 2013-09-12 20:08:10 -0700