Rather than building authentication into each and every application that needs it, most services in Linux will make use of modules such as PAM. These modules have the .so extension to identify them as standard modules, and are used by programs rather than the kernel directly. They make their home in /lib/security or /lib64/security, depending on whether your system is 32 bit or 64 bit. Each service or program that has PAM capabilities has its own configuration that dictates how authentication and session settings will be enforced; these files are located in /etc/pam.d. A quick look in this folder will reveal some recognizable names, such as sshd, sudo, su, and login, all representing services that have a level of authentication associated with them.

The /etc/pam.d/login file will be used by the console login program and /etc/pamd/sshd by the OpenSSH server. There will be multiple lines in each configuration file, and every line will have settings for...