Red Hat Linux 7.3: The Official Red Hat Linux Reference Guide | ||
---|---|---|
Prev | Chapter 8. Pluggable Authentication Modules (PAM) | Next |
PAM uses arguments to pass information to a pluggable module during authentication for a particular module type. These arguments allow the PAM configuration files for particular programs to use a common PAM module but in different ways.
For example, the pam_userdb.so module uses secrets stored in a Berkeley DB file to authenticate the user. Berkeley DB is an open source database system designed to be embedded in many applications to track information. The module takes a db argument, specifying the Berkeley DB filename to use, which can be different for different services.
So, the pam_userdb.so line in a PAM configuration file look like this:
auth required /lib/security/pam_userdb.so db=path/to/file |
Invalid arguments are ignored and do not otherwise affect the success or failure of the PAM module. When an invalid argument is passed, an error is usually written to /var/log/messages file. However, since the reporting method is controlled by the PAM module, the module must be written correctly to log the error to this file.