One of the most useful concepts of PAM is the stacking of modules. For each management group you can define a set or a stack of modules, which are used in turn. When an application calls the PAM library function, for example to authenticate, the PAM runtime will call each authentication function in each module—one at a time like cards from a stack. The order of calling is determined by the order in the configuration (service) file. You have to be careful—changing the order in the stack might have great impact on the functionality.
As example, let us examine the contents of the configuration file for the XDM service.
pamela@pamela:~$ cat /etc/pam.d/xdm # $Id: xdm.pam 189 2005-06-11 00:04:27Z branden $ auth required pam_unix.so nullok_secure auth requisite pam_nologin.so auth required pam_env.so envfile=/etc/default/locale
For simplicity, only the auth management group is shown. The stack consists of three elements or modules (unix
, nologin
, and env
). The nullok_secure...