-
-
Notifications
You must be signed in to change notification settings - Fork 1
Linux PAM Guide
Mattscreative edited this page Dec 5, 2025
·
2 revisions
Complete beginner-friendly guide to PAM (Pluggable Authentication Modules) on Linux, covering Arch Linux, CachyOS, and other distributions including authentication configuration, security policies, and user authentication.
PAM (Pluggable Authentication Modules) manages authentication.
Functions:
- Authentication: Verify user identity
- Authorization: Control access
- Session management: Manage user sessions
- Password management: Handle password policies
Why it matters:
- Security: Centralized authentication
- Flexibility: Modular authentication
- Policy control: Enforce security policies
PAM configs:
# System PAM config
/etc/pam.d/
# Common configs
/etc/pam.d/login
/etc/pam.d/sudo
/etc/pam.d/passwdModify config:
# Edit PAM config
sudo vim /etc/pam.d/login
# Be careful - can lock you outAvailable modules:
- pam_unix: Traditional Unix authentication
- pam_ldap: LDAP authentication
- pam_sss: SSSD authentication
- pam_faillock: Account locking
- pam_cracklib: Password strength
PAM types:
- auth: Authentication
- account: Account management
- session: Session management
- password: Password management
Enforce strong passwords:
# Edit password config
sudo vim /etc/pam.d/passwdAdd:
password required pam_cracklib.so retry=3 minlen=8
password required pam_unix.so sha512 shadow
Lock after failed attempts:
# Edit login config
sudo vim /etc/pam.d/loginAdd:
auth required pam_faillock.so preauth
auth required pam_faillock.so authfail
Check PAM:
# Test PAM config
pam_test
# Check logs
journalctl -u pamRecovery:
# Boot from live USB
# Mount system
# Edit PAM config
# Or reset passwordThis guide covered PAM configuration, authentication modules, and security policies for Arch Linux, CachyOS, and other distributions.
- Security Configuration - Security setup
- User and Groups - User management
-
PAM Documentation:
man pam
This guide covers Arch Linux, CachyOS, and other Linux distributions. For distribution-specific details, refer to your distribution's documentation.