How to check if a PAM module is configured in Linux


Introduction

In this lab, you will learn how to check if a PAM (Pluggable Authentication Modules) module is configured in Linux. We will explore the standard locations for PAM configuration files and examine their contents to understand how different services utilize PAM for authentication and other security functions.

You will begin by listing the contents of the /etc/pam.d/ directory to identify service-specific PAM configuration files. Next, you will learn how to view the contents of these configuration files using the cat command to understand the specific PAM modules and rules applied to a service. Finally, you will explore the /lib/security directory to see the available PAM module files on the system.

Check PAM config with ls /etc/pam.d

In this step, we'll start exploring PAM (Pluggable Authentication Modules). PAM is a powerful framework that allows system administrators to configure how applications authenticate users. Instead of handling authentication themselves, applications can call PAM, which provides a centralized and flexible way to manage authentication, authorization, and account management.

Think of PAM as a set of interchangeable building blocks for authentication. You can plug in different modules to handle different authentication methods (like passwords, smart cards, or even biometrics) without changing the application itself.

The configuration files for PAM are typically located in the /etc/pam.d/ directory. Each file in this directory usually corresponds to a specific service or application that uses PAM, such as login, sudo, ssh, etc.

Let's list the contents of the /etc/pam.d/ directory to see which PAM configuration files exist on this system. We'll use the ls command, which is used to list directory contents.

Open your terminal if it's not already open. Remember, you can find the Xfce Terminal icon on the left side of your desktop.

Type the following command and press Enter:

ls /etc/pam.d/

You should see a list of files, similar to this (the exact list may vary slightly depending on the system configuration):

atd
chfn
chpasswd
chsh
cron
...
sudo
su
systemd-user
...

Each file listed here is a PAM configuration file for a specific service. For example, the sudo file contains the PAM configuration for the sudo command, and the login file contains the configuration for user logins.

By listing these files, you get an idea of which services on the system are using PAM for authentication and other security-related tasks.


Verify PAM settings with cat /etc/pam.conf

In the previous step, we saw the individual PAM configuration files in /etc/pam.d/. While most modern systems use the /etc/pam.d/ directory structure, some older configurations or specific setups might still use a single, centralized configuration file: /etc/pam.conf.

The /etc/pam.conf file, if it exists and is used, contains rules for different services, module types, control flags, and the specific PAM modules to be used. Each line in this file typically defines a rule for a particular service.

Let's check if the /etc/pam.conf file exists and view its contents using the cat command. The cat command is used to display the content of files.

Type the following command in your terminal and press Enter:

cat /etc/pam.conf

On this system, you will likely see output indicating that the file does not exist or is empty. This is because, as mentioned, the system primarily uses the /etc/pam.d/ directory for PAM configurations.

cat: /etc/pam.conf: No such file or directory

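This output shows that there is no single /etc/pam.conf file and that the system relies on the individual files in /etc/pam.d/ instead. On Linux-PAM, the presence of the /etc/pam.d/ directory causes /etc/pam.conf to be ignored even if the file exists. Understanding this distinction is important when working with different Linux distributions or older systems.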

Even though /etc/pam.conf is not used on this specific system, knowing about its existence and purpose is valuable for a complete understanding of PAM.


Inspect PAM modules in /lib/security

In the previous steps, we looked at the PAM configuration files. These files tell PAM which modules to use for different services. Now, let's look at where the actual PAM modules are stored on the system.

PAM modules are typically shared libraries (files ending with .so) that contain the code for specific authentication, authorization, account, or session management tasks. These modules are usually located in a directory like /lib/x86_64-linux-gnu/security/ or /lib/security/. On this system, they are located in /lib/x86_64-linux-gnu/security/.

Let's list the contents of the /lib/x86_64-linux-gnu/security/ directory to see the available PAM modules. We'll use the ls command again.

Type the following command in your terminal and press Enter:

ls /lib/x86_64-linux-gnu/security/

You will see a long list of files, each representing a different PAM module. The filenames usually start with pam_ followed by the module's name and end with .so.

pam_access.so
pam_cap.so
pam_chauthtok.so
pam_cracklib.so
...
pam_unix.so
pam_usw.so
pam_winbind.so

For example, pam_unix.so is a common module used for traditional Unix password authentication. pam_cracklib.so is used to check password strength.

Exploring this directory gives you an idea of the different authentication and security functionalities available through PAM on this system. The configuration files in /etc/pam.d/ reference these .so files to define the authentication process for each service.

Understanding the relationship between the configuration files in /etc/pam.d/ and the module files in /lib/x86_64-linux-gnu/security/ is key to comprehending how PAM works.
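
As an added example (not part of the original lab), the script below ties the two locations together: it lists which configuration files reference a given module and reports modules that are configured but have no file in the module directory. The function names and the sample tree are constructed for illustration; on a real system, pass /etc/pam.d and /lib/x86_64-linux-gnu/security to the functions.

```shell
#!/bin/sh
# pam_rules CONFDIR: print "service type control module" for each rule line.
pam_rules() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        awk -v svc="$(basename "$f")" '
            { sub(/#.*/, "") }                        # strip comments
            NF == 0 || $1 == "@include" { next }      # blank line or Debian-style include
            { gsub(/\[[^]]*\]/, "[...]") }            # collapse [success=1 default=ignore]
            $2 == "include" || $2 == "substack" { next }  # field 3 names a file, not a module
            NF >= 3 { sub(/^-/, "", $1); print svc, $1, $2, $3 }
        ' "$f"
    done
}

# pam_module_refs MODULE CONFDIR: rules that load MODULE (bare name or full path).
pam_module_refs() {
    pam_rules "$2" | awk -v m="$1" '{ n = $4; sub(/.*\//, "", n) } n == m'
}

# pam_missing_modules CONFDIR MODDIR: configured modules with no file on disk.
pam_missing_modules() {
    pam_rules "$1" | awk '{ print $4 }' | sort -u | while read -r mod; do
        case $mod in
            /*) [ -e "$mod" ] || echo "$mod" ;;
            *)  [ -e "$2/$mod" ] || echo "$mod" ;;
        esac
    done
}

# Constructed sample tree (not real system files) so the demo runs anywhere.
demo=$(mktemp -d)
mkdir -p "$demo/pam.d" "$demo/security"
cat > "$demo/pam.d/sudo" <<'EOF'
#%PAM-1.0
@include common-auth
session    required   pam_limits.so
EOF
cat > "$demo/pam.d/common-auth" <<'EOF'
auth  [success=1 default=ignore]  pam_unix.so nullok
auth  requisite                   pam_deny.so
EOF
touch "$demo/security/pam_unix.so" "$demo/security/pam_limits.so"

pam_module_refs pam_unix.so "$demo/pam.d"
pam_missing_modules "$demo/pam.d" "$demo/security"
```

Included files are not followed: a module pulled in through @include is reported under the file that contains the rule (common-auth here), so check the include lines of a service file as well.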


Summary

In this lab, we began exploring PAM (Pluggable Authentication Modules) in Linux. We learned that PAM provides a flexible framework for managing authentication, authorization, and account management for various services. We started by listing the contents of the /etc/pam.d/ directory using the ls command to identify the individual PAM configuration files for different services like sudo, login, and ssh. This gave us an initial overview of which services on the system are utilizing PAM.