Section: System Administrator's Manual (8)
Return to Main Contents
pam_stack - recurse into other PAM stacks
auth required /lib/security/pam_stack.so service=foo
session optional /lib/security/pam_stack.so service=foo
password optional /lib/security/pam_stack.so service=foo
account optional /lib/security/pam_stack.so service=foo
In a nutshell, pam_stack lets you "call", from inside of the stack for a
particular service, the stack defined for any another service. The intention
is to allow multiple services to "include" a system-wide setup, so that when
that setup needs to be changed, it need only be changed in one place.
turns on debugging via syslog(3).
tells pam_stack.so to execute the stack defined for the service name,
which will usually be another file in /etc/pam.d.
auth required /lib/security/pam_stack.so service=system-auth
auth required /lib/security/pam_shells.so
auth sufficient /lib/security/pam_krb5.so
auth sufficient /lib/security/pam_unix.so shadow nullok
auth required /lib/security/pam_deny.so
Because recursion is fully supported, there is potential to really break things
by having a stack call itself either directly or via mutual recursion.
Let's hope not, but if you find any, please email the author.
Nalin Dahyabhai <email@example.com>
linux.jgfs.net manual pages