This cheat sheet provides a quick reference for some common PAM (Pluggable Authentication Module) commands and concepts. PAM is a framework used on Unix-like operating systems to manage authentication and access control for various applications and services.
PAM Configuration Files
PAM configuration is defined in configuration files located in
- View PAM configuration for a specific service (e.g., SSH):
PAM modules define the authentication, authorization, and session management for services.
- List installed PAM modules:
Common PAM Module Types
- auth: Used for user authentication.
- account: Manages account access (e.g., account expiration).
- password: Handles password management (e.g., changing passwords).
- session: Defines session-related actions (e.g., session setup).
PAM Configuration Syntax
PAM configuration files follow a common syntax for module definitions.
type control module-path arguments
PAM Control Flags
PAM control flags determine the module's success or failure behavior.
- required: Success is required for authentication to proceed.
- requisite: Success is required, and if it fails, authentication fails immediately.
- sufficient: If it succeeds, authentication succeeds immediately, but it's not required.
- optional: The module's success or failure does not impact the authentication process.
Allow root to log in using SSH with password authentication:
auth required pam_permit.so
Deny root login using SSH:
auth required pam_deny.so
Enforce password complexity requirements:
password requisite pam_pwquality.so retry=3
View PAM configuration for a specific service (e.g., SSH):
List installed PAM modules:
This cheat sheet covers some common PAM (Pluggable Authentication Module) commands and concepts. PAM is a powerful framework for managing authentication and access control in Unix-like operating systems, making it essential for system administrators and security professionals; refer to your system's documentation and the official Linux-PAM documentation for more in-depth information and advanced usage.