Most services need to be configured in the same way, that is the authentication of valid users is done in exactly same way, and it is obviously a bad idea to have replicates of the configuration for all services.
Many, but not all, PAM implementations allow you to consolidate the configuration. From version 0.78 of Linux-PAM (released November 2004), it has been possible to use the @include
directive. As you might guess, the @include
directive can take the contents of another file and include these in the current file. Ubuntu Linux utilizes consolidation of PAM configuration heavily. An example for the ppp service is given below:
#%PAM-1.0 # Information for the PPPD process with the 'login' option. auth required pam_nologin.so @include common-auth @include common-account @include common-session
The file /etc/pam.d/common-auth
contains common or shared configuration for the auth management group, and so forth with the account and session groups...