PAM Summary

gistfile1.txt

PAM

type  control  module-path  module-arguments

	type: management group
		account
			non-auth account management
		auth
			authenticate
			group membership
		password
			update auth token
		session
			do things before/after given service

	control: what to do on failure
		simple
			required
				fail, after all stacked run
				[success=ok new_authtok_reqd=ok ignore=ignore default=bad]
			requisite
				fail immediately
				[success=ok new_authtok_reqd=ok ignore=ignore default=die]
			sufficient
				pass immediately
				[success=done new_authtok_reqd=done default=ignore]
			optional
				only important if it is the only module
				[success=ok new_authtok_reqd=ok default=ignore]
			include
				include file
			substack
				include file, but done/die impacts only substack
		[value1=action1 value2=action2 ...]
			value: return code
				abort
				acct_expired
				auth_err
				authinfo_unavail
				authtok_disable_aging
				authtok_err
				authtok_expired
				authtok_lock_busy
				authtok_recover_err
				bad_item
				buf_err
				conv_again
				conv_err
				cred_err
				cred_expired
				cred_insufficient
				cred_unavail
				default
				ignore
				incomplete
				maxtries
				module_unknown
				new_authtok_reqd
				no_module_data
				open_err
				perm_denied
				service_err
				session_err
				success
				symbol_err
				system_err
				try_again
				user_unknown
			action
				ignore: ignore return in stack
				bad: module failure, runs others
				die: fail immediately
				ok: ok (does not take over previous failures)
				done: ok immediately
				N: ok with jump
				reset: clear state, go to next module