Introduction to Linux-PAM

The Linux-PAM package contains Pluggable Authentication Modules. This is useful to enable the local system administrator to choose how applications authenticate users.

Package Information

Additional Downloads

Linux-PAM Dependencies




sgmltools-lite and Berkeley DB-4.3.28 (for pam_userdb module)

Installation of Linux-PAM

Install Linux-PAM by running the following commands:

sed -i 's|DICT_DIR_CANDIDATES="|&/lib /lib/cracklib |' \
    configure &&
./configure --enable-static-libpam --with-mailspool=/var/mail \
    --enable-read-both-confs --sysconfdir=/etc \
    --mandir=/usr/share/man &&

If you downloaded the documentation and wish to install it, unpack the tarball into the doc directory:

tar -jxf ../Linux-PAM-0.80-docs.tar.bz2 -C doc

Now, as the root user:

make install &&
mv -v /lib/libpam.a /lib/libpam_misc.a /lib/libpamc.a /usr/lib &&
rm -v /lib/libpam{,c,_misc}.so &&
ln -v -sf ../../lib/ /usr/lib/ &&
ln -v -sf ../../lib/ /usr/lib/ &&
ln -v -sf ../../lib/ /usr/lib/

Install the documentation using the following commands:

install -v -d -m755 /usr/share/doc/Linux-PAM-0.80 &&
for DOCTYPE in html ps specs txts
    cp -v -R doc/$DOCTYPE /usr/share/doc/Linux-PAM-0.80

Command Explanations

sed -i 's|DICT_DIR_CANDIDATES="|&/lib /lib/cracklib |' configure: This command changes where configure looks to find the CrackLib dictionary.

--enable-static-libpam: This switch builds static PAM libraries as well as the dynamic libraries.

--with-mailspool=/var/mail: This switch makes the mailspool directory FHS compliant.

--enable-read-both-confs: This switch lets the local administrator choose which configuration file setup to use.

mv -v /lib/libpam.a /lib/libpam_misc.a /lib/libpamc.a /usr/lib: This command moves the static libraries to /usr/lib to comply with FHS guidelines.

rm -v /lib/libpam{,c,_misc}.so; ln -v -sf ... /usr/lib/...: These commands move the .so symlinks from /lib to /usr/lib.

Configuring Linux-PAM

Config Files

/etc/security/* and /etc/pam.d/* or /etc/pam.conf

Configuration Information

Configuration information is placed in /etc/pam.d/ or /etc/pam.conf depending on user preference. Below are example files of each type:

# Begin /etc/pam.d/other

auth            required     nullok
account         required
session         required
password        required     nullok

# End /etc/pam.d/other

# Begin /etc/pam.conf

other           auth            required     nullok
other           account         required
other           session         required
other           password        required     nullok

# End /etc/pam.conf

The PAM man page (man pam) provides a good starting point for descriptions of fields and allowable entries. The Linux-PAM guide for system administrators is recommended for further reading.

Refer to for a list of various modules available.



You should now reinstall the Shadow-4.0.9 package.


Installed Programs: unix_chkpwd and pam_tally
Installed Libraries: libpam.[so,a], libpamc.[so,a], and libpam_misc.[so,a]
Installed Directories: /etc/pam.d, /etc/security, /lib/security, and /usr/include/security

Short Descriptions


checks user passwords that are stored in read protected databases.


is used to view or manipulate the faillog file.


provides the interfaces between applications and the PAM modules.

Last updated on 2005-08-01 13:29:19 -0600