pam_user.conf(4)pam_user.conf(4)NAMEpam_user.conf - user configuration file for pluggable authentication
modules
SYNOPSISDESCRIPTION
is the user configuration file for the Pluggable Authentication Module
architecture, or PAM. It is not designed to replace the PAM system
configuration file, For PAM to work properly, is mandatory (see
pam.conf(4)). is optional. It is used only when a user basis configu‐
ration is needed. It mainly specifies options to be used by service
modules on a user basis.
The options defined in indicate the default for users who are not con‐
figured in or if the module type is not configured for some users. For
the configuration in to take effect, needs to configure service module
(see pam.conf(4)).
Simplified pam_user.conf Configuration File
The file contains a listing of login names. Each login name is paired
with a corresponding service module with or without options specified.
Each entry has the following format:
login_name module_type module_path options
Below is an example of the configuration file.
tom auth /usr/lib/security/$ISA/libpam_unix.so.1 debug use_psd
tom auth /usr/lib/security/$ISA/libpam_dce.so.1 use_first_pass
tom account /usr/lib/security/$ISA/libpam_unix.so.1 use_psd
tom account /usr/lib/security/$ISA/libpam_dce.so.1 try_first_pass
susan auth /usr/lib/security/$ISA/libpam_unix.so.1
susan auth /usr/lib/security/$ISA/libpam_dce.so.1 try_first_pass
The login_name denotes the login name of a user (for example, For
detailed information on module_type, module_path, and options, see
pam.conf(4).
The first entry indicates that when the UNIX authentication is invoked
for the options and will be used. The second entry indicates that when
the DCE authentication is invoked for the option will be used. The
module type is not configured for therefore, the options will take
effect. For those users who are not configured, the options apply.
Notes
If an error is found in an entry due to invalid login_name or mod‐
ule_type, then the entry is ignored. If there are no valid entries for
the given module_type, the PAM framework ignores and reads the configu‐
ration in
EXAMPLES
The following is a sample configuration file. Lines that begin with
the symbol are treated as comments, and therefore ignored.
#
# PAM user configuration
#
# Authentication management
john auth /usr/lib/security/$ISA/libpam_unix.so.1
john auth /usr/lib/security/$ISA/libpam_inhouse.so.1 try_first_pass
david auth /usr/lib/security/$ISA/libpam_unix.so.1 use_psd
david auth /usr/lib/security/$ISA/libpam_inhouse.so.1 try_first_pass
susan auth /usr/lib/security/$ISA/libpam_unix.so.1 use_psd
susan auth /usr/lib/security/$ISA/libpam_inhouse.so.1 try_first_pass
# Password management
john password /usr/lib/security/$ISA/libpam_unix.so.1
david password /usr/lib/security/$ISA/libpam_unix.so.1 use_psd
susan password /usr/lib/security/$ISA/libpam_unix.so.1 use_psd
SEE ALSOpam(3), pam.conf(4).
pam_user.conf(4)