Changing the /etc/pam.conf file

There are a few things you should consider before changing the /etc/pam.conf file.

When changing the /etc/pam.conf configuration file, consider the following requirements:
  • The file should always be owned by the root user and group security. Permissions on the file must be 644, so that everyone can read it but only root can modify it.
  • For greater security, consider explicitly configuring each PAM-enabled service and then using the pam_prohibit module for the OTHER service keyword.
  • Read any documentation supplied for a chosen module, and determine which control flags and options are supported and what their impact will be.
  • Select the ordering of modules and control flags carefully, keeping in mind the behavior of required, requisite, sufficient, and optional control flags in stacked modules.
Note: Incorrect configuration of the PAM configuration file can result in a system that cannot be logged in to since the configuration applies to all users including root. After making changes to the file, always test the affected applications before logging out of the system. A system that cannot be logged in to can be recovered by booting the system in maintenance mode and correcting the /etc/pam.conf configuration file.
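The ownership, permission, and OTHER requirements listed above can be checked with a short script before you log out. The following is an added example, not part of the original documentation; the function names, the sample entries, and the assumed field layout (service, module type, control flag, module path, options) are illustrative.

```shell
#!/bin/sh
# Added example: audit a pam.conf-format file against the requirements above.
# Assumed field layout: service module_type control_flag module_path [options]

pam_conf_mode()  { ls -ld "$1" | cut -c1-10; }               # "-rw-r--r--" means 644
pam_conf_owner() { ls -ld "$1" | awk '{ print $3 ":" $4 }'; } # prints owner:group

# Report every OTHER entry that does not use pam_prohibit, and every module
# type that has no OTHER entry at all. Exit status is 0 only with no findings.
check_other_prohibit() {
    awk '
        /^[ \t]*#/ || NF < 4 { next }      # skip comments, blank and short lines
        $1 == "OTHER" {
            seen[$2] = 1
            if ($4 !~ /(^|\/)pam_prohibit$/) {
                printf "OTHER %s uses %s, not pam_prohibit\n", $2, $4
                bad = 1
            }
        }
        END {
            n = split("auth account password session", types, " ")
            for (i = 1; i <= n; i++)
                if (!(types[i] in seen)) {
                    printf "OTHER %s has no entry\n", types[i]
                    bad = 1
                }
            exit bad + 0
        }
    ' "$1"
}

# Full audit, e.g. audit_pam_conf /etc/pam.conf, run from a session kept open.
audit_pam_conf() {
    rc=0
    [ "$(pam_conf_mode "$1")" = "-rw-r--r--" ] || { echo "mode is not 644"; rc=1; }
    [ "$(pam_conf_owner "$1")" = "root:security" ] || { echo "owner is not root:security"; rc=1; }
    check_other_prohibit "$1" || rc=1
    return $rc
}

# Constructed sample (not taken from a real system): OTHER account falls back
# to pam_aix and OTHER session is missing, so two findings are printed.
sample=${TMPDIR:-/tmp}/pam.conf.sample.$$
cat > "$sample" <<'EOF'
login  auth      required  pam_aix
OTHER  auth      required  pam_prohibit
OTHER  account   required  pam_aix
OTHER  password  required  pam_prohibit
EOF
check_other_prohibit "$sample" || echo "findings above: correct them before logging out"
rm -f "$sample"
```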