Oct 27, 2021


PAM, or Linux Pluggable Authentication Modules

PAM stacks are not very easy to read. If you make a change but don’t test it well, it might not work as expected. Or worse, you may end up exposing a vulnerability in your authentication mechanisms.

Here are my notes about the 3 terms in the PAM stack:

required: the stack keeps going (regardless of success or failure).

sufficient: the stack stops (disregarding what’s below it) when this succeeds. It will only be successful if no previous ‘required’ items have failed.

requisite: if this fails, the stack stops and returns failure.
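
The effect of line order is easier to see in a small model of the three flags. The Python below is an added example, not code from these notes or from Linux-PAM; the module names `lockout_check` and `password` are hypothetical, and treating a stack in which nothing succeeded as a denial is an assumption of the model.

```python
# Simplified model of PAM stack evaluation (added example, not Linux-PAM code).
# Only the three control flags from the notes are modelled.

def evaluate(stack, results):
    """stack: ordered list of (control, module) pairs.
    results: {module: True if that module succeeds}.
    Returns (granted, modules_that_ran)."""
    required_failed = False
    something_succeeded = False
    ran = []
    for control, module in stack:
        ok = results[module]
        ran.append(module)
        if control == "required":
            # Keeps going either way; a failure is remembered for the end.
            if ok:
                something_succeeded = True
            else:
                required_failed = True
        elif control == "requisite":
            if not ok:
                return False, ran          # stop and return failure
            something_succeeded = True
        elif control == "sufficient":
            if ok and not required_failed:
                return True, ran           # stop, ignore everything below
            # otherwise: a failed sufficient is ignored, the stack continues
        else:
            raise ValueError(f"unmodelled control flag: {control}")
    # Assumption of this model: a stack where nothing succeeded is a denial.
    return something_succeeded and not required_failed, ran

# Constructed scenario: correct password, but the lockout check fails.
RESULTS = {"lockout_check": False, "password": True}

# Hypothetical stacks: the same two modules, in different order.
GOOD_ORDER = [("required", "lockout_check"), ("sufficient", "password")]
BAD_ORDER = [("sufficient", "password"), ("required", "lockout_check")]
REQUISITE_FIRST = [("requisite", "lockout_check"), ("sufficient", "password")]

if __name__ == "__main__":
    for name, stack in [("good", GOOD_ORDER), ("bad", BAD_ORDER),
                        ("requisite", REQUISITE_FIRST)]:
        print(name, evaluate(stack, RESULTS))
```

With `BAD_ORDER` the `sufficient` line ends the stack before the `required` check ever runs, which is the kind of untested reordering that weakens authentication.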