The directory /etc/pam.d/ contains the PAM
configuration files for PAM-aware applications. In earlier versions of
PAM, the file /etc/pam.conf was used, but this file is now
deprecated. The pam.conf
file is only read if the /etc/pam.d/ directory is
not found.
Each PAM-aware application (or service, as applications
designed to be used by many users are commonly known) has its own file within the
/etc/pam.d/ directory.
These files have a specific layout containing calls to modules usually located
in the /lib/security/ directory. Additionally, each
line within a PAM configuration file must specify a module type, a control
flag, a path to the module, and, sometimes, module arguments.
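
As an added illustration (not part of the original guide), this Python example parses the per-line fields described above and reports lines that do not follow the layout. The module-type and control-flag keyword sets come from Linux-PAM rather than from this page, the sample file is constructed, and the `include` and `substack` controls of later Linux-PAM versions are not handled.

```python
import re

TYPES = {"auth", "account", "password", "session"}
CONTROLS = {"required", "requisite", "sufficient", "optional"}
MODULE_DIR = "/lib/security"  # module directory named on this page
# Field 2 is either one keyword or a bracketed [value=action ...] list.
LINE_RE = re.compile(r"^(\S+)\s+(\[[^\]]*\]|\S+)(?:\s+(\S+))?(?:\s+(.*))?$")

SAMPLE = """\
# Constructed sample for this example, not taken from a real system.
auth       required   pam_unix.so shadow nullok
auth       [success=1 default=ignore] pam_succeed_if.so uid >= 1000
session    optional
passwd     required   pam_cracklib.so retry=3
account    mandatory  pam_unix.so
"""


def parse_pam_line(line):
    """Return (type, control, module_path, args), or None for blank/comment lines."""
    line = line.split("#", 1)[0].strip()
    if not line:
        return None
    m = LINE_RE.match(line)
    if m is None or m.group(3) is None:
        raise ValueError("expected: type control module-path [arguments]")
    mtype, control, module, args = m.groups()
    if not module.startswith("/"):  # bare name: resolve against MODULE_DIR
        module = f"{MODULE_DIR}/{module}"
    return mtype, control, module, (args or "").split()


def audit(text):
    """Return (line_number, problem) pairs for the text of one PAM service file."""
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        try:
            entry = parse_pam_line(raw)
        except ValueError as exc:
            findings.append((n, str(exc)))
            entry = None
        if entry and entry[0] not in TYPES:
            findings.append((n, f"unknown module type {entry[0]!r}"))
        if entry and not entry[1].startswith("[") and entry[1] not in CONTROLS:
            findings.append((n, f"unknown control flag {entry[1]!r}"))
    return findings


if __name__ == "__main__":
    print(audit(SAMPLE))
```
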
Each PAM configuration file in the /etc/pam.d/
directory is named after the service for which it controls access. It
is up to the PAM-aware program to define its service name and install
its PAM configuration file in the pam.d
directory. For example, the login program defines
its service name as login and installs the /etc/pam.d/login
PAM configuration file.
In general, the service name is the name of the program used to
access the service, not the program used to
provide the service. This is why the
wu-ftpd service defines its service name as ftp and
uses the /etc/pam.d/ftp configuration file.
The next four sections will describe the basic format of PAM
configuration files and how they use PAM modules to perform
authentication for PAM-aware applications.