PAM
Oct 27, 2021
PAM, or Linux Pluggable Authentication Modules
PAM stacks are not very easy to read. If you made a change but didn’t test it well, it might not work as expected. Or worse, you may end up exposing a vulnerability in your authentication mechanisms.
Here are my notes about the 3 terms in the PAM stack:
required: keeps going (despite success or failure).
sufficient: it stops (disregards what’s below it) when succeeds. It will only be successful if no previous ‘required’ items have failed.
requisite: if this fails, stops and return failure
