Files in /etc/pam.d/
Ian Smith
smithi at nimnet.asn.au
Mon Nov 7 15:58:18 UTC 2016
In freebsd-questions Digest, Vol 649, Issue 1, Message: 3
On Sun, 6 Nov 2016 15:53:07 +0100 Rocky Hotas <rockyhotas at post.com> wrote:
> Hi Mattew,
>
> > Sent: Sunday, November 06, 2016 at 1:14 PM
> > From: "Matthew Seaman" <matthew at FreeBSD.org>
> > To: freebsd-questions at freebsd.org
> > Subject: Re: Files in /etc/pam.d/
> >
> [...]
> > The 'login' policy covers console logins, and the 'passwd' policy covers
> > use of the passwd(1) utility for changing your password.
> [...]
> > services. The effect of a statement like this:
> >
> > session include system
> >
> > is to substitute the 'session' likes from /etc/pam.d/system
>
> Thank you for your detailed explanation. So, "system" is rather a
> container for default policies, to be called only where needed.
> Furthermore, "include" is not one of the 5 control flags listed in
> the documentation.
See pam.conf(5) first page. pam(3) covers core terms, tersely.
The trouble with pam(3) is that there's so much documentation :)
% apropos pam | wc -l
75
with no false positives, on 9.3 anyway.
% apropos pam | grep -v '(3)' | wc -l
25
is a little more manageable, for starters.
Matthew's summary at least doubled my still vague understanding of how
works PAM. I settle for crossed fingers and trusted nordic wizardry.
cheers, Ian
More information about the freebsd-questions
mailing list