Date: Tue, 8 Nov 2016 02:58:06 +1100 (EST) From: Ian Smith <smithi@nimnet.asn.au> To: Rocky Hotas <rockyhotas@post.com> Cc: freebsd-questions@freebsd.org Subject: Re: Files in /etc/pam.d/ Message-ID: <20161108022257.V41537@sola.nimnet.asn.au> In-Reply-To: <mailman.129.1478520002.21233.freebsd-questions@freebsd.org> References: <mailman.129.1478520002.21233.freebsd-questions@freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
In freebsd-questions Digest, Vol 649, Issue 1, Message: 3
On Sun, 6 Nov 2016 15:53:07 +0100 Rocky Hotas <rockyhotas@post.com> wrote:
> Hi Mattew,
>
> > Sent: Sunday, November 06, 2016 at 1:14 PM
> > From: "Matthew Seaman" <matthew@FreeBSD.org>
> > To: freebsd-questions@freebsd.org
> > Subject: Re: Files in /etc/pam.d/
> >
> [...]
> > The 'login' policy covers console logins, and the 'passwd' policy covers
> > use of the passwd(1) utility for changing your password.
> [...]
> > services. The effect of a statement like this:
> >
> > session include system
> >
> > is to substitute the 'session' likes from /etc/pam.d/system
>
> Thank you for your detailed explanation. So, "system" is rather a
> container for default policies, to be called only where needed.
> Furthermore, "include" is not one of the 5 control flags listed in
> the documentation.
See pam.conf(5) first page. pam(3) covers core terms, tersely.
The trouble with pam(3) is that there's so much documentation :)
% apropos pam | wc -l
75
with no false positives, on 9.3 anyway.
% apropos pam | grep -v '(3)' | wc -l
25
is a little more manageable, for starters.
Matthew's summary at least doubled my still vague understanding of how
works PAM. I settle for crossed fingers and trusted nordic wizardry.
cheers, Ian
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20161108022257.V41537>