From owner-freebsd-questions@freebsd.org  Mon Nov  7 15:58:17 2016
Return-Path: <owner-freebsd-questions@freebsd.org>
Delivered-To: freebsd-questions@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id F2538C35531
 for <freebsd-questions@mailman.ysv.freebsd.org>;
 Mon,  7 Nov 2016 15:58:17 +0000 (UTC)
 (envelope-from smithi@nimnet.asn.au)
Received: from sola.nimnet.asn.au (paqi.nimnet.asn.au [115.70.110.159])
 (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 72E71C7C
 for <freebsd-questions@freebsd.org>; Mon,  7 Nov 2016 15:58:16 +0000 (UTC)
 (envelope-from smithi@nimnet.asn.au)
Received: from localhost (localhost [127.0.0.1])
 by sola.nimnet.asn.au (8.14.2/8.14.2) with ESMTP id uA7Fw6ci008242;
 Tue, 8 Nov 2016 02:58:06 +1100 (EST)
 (envelope-from smithi@nimnet.asn.au)
Date: Tue, 8 Nov 2016 02:58:06 +1100 (EST)
From: Ian Smith <smithi@nimnet.asn.au>
To: Rocky Hotas <rockyhotas@post.com>
cc: freebsd-questions@freebsd.org
Subject: Re: Files in /etc/pam.d/
In-Reply-To: <mailman.129.1478520002.21233.freebsd-questions@freebsd.org>
Message-ID: <20161108022257.V41537@sola.nimnet.asn.au>
References: <mailman.129.1478520002.21233.freebsd-questions@freebsd.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions/>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 07 Nov 2016 15:58:18 -0000

In freebsd-questions Digest, Vol 649, Issue 1, Message: 3
On Sun, 6 Nov 2016 15:53:07 +0100 Rocky Hotas <rockyhotas@post.com> wrote:
 > Hi Mattew,
 > 
 > > Sent: Sunday, November 06, 2016 at 1:14 PM
 > > From: "Matthew Seaman" <matthew@FreeBSD.org>
 > > To: freebsd-questions@freebsd.org
 > > Subject: Re: Files in /etc/pam.d/
 > >
 > [...]
 > > The 'login' policy covers console logins, and the 'passwd' policy covers
 > > use of the passwd(1) utility for changing your password.
 > [...]
 > > services.  The effect of a statement like this:
 > > 
 > > session		include		system
 > > 
 > > is to substitute the 'session' likes from /etc/pam.d/system
 >
 > Thank you for your detailed explanation. So, "system" is rather a 
 > container for default policies, to be called only where needed. 
 > Furthermore, "include" is not one of the 5 control flags listed in 
 > the documentation.

See pam.conf(5) first page.  pam(3) covers core terms, tersely.

The trouble with pam(3) is that there's so much documentation :)

% apropos pam | wc -l
      75
with no false positives, on 9.3 anyway.

% apropos pam | grep -v '(3)' | wc -l
      25
is a little more manageable, for starters.

Matthew's summary at least doubled my still vague understanding of how 
works PAM.  I settle for crossed fingers and trusted nordic wizardry.

cheers, Ian