- manage PAM configuration using packaged profiles
is a utility that permits configuring the central
authentication policy for the system using pre-defined
profiles as supplied by PAM module packages. Profiles
shipped in the /usr/share/pam−configs/
directory specify the modules, with options, to enable; the
preferred ordering with respect to other profiles; and
whether a profile should be enabled by default. Packages
providing PAM modules register their profiles at install
time by calling pam−auth−update
−−package. Selection of profiles is done
using the standard debconf interface. The profile selection
question will be asked at ’medium’ priority when
packages are added or removed, so no user interaction is
required by default. Users may invoke
pam−auth−update directly to change their
makes every effort to respect local changes to
/etc/pam.d/common-*. Local modifications to the list
of module options will be preserved, and additions of
modules within the managed portion of the stack will cause
pam−auth−update to treat the config files
as locally modified and not make further changes to the
config files unless given the −−force
If the user
specifies that pam−auth−update should
override local configuration changes, the locally-modified
files will be saved in /etc/pam.d/ with a suffix of
Indicate that the caller is a
package maintainer script; lowers the priority of debconf
questions to ’medium’ so that the user is not
prompted by default.
Remove the specified profiles
from the system configuration.
should be used to remove profiles from the configuration
before the modules they reference are removed from disk, to
ensure that PAM is in a consistent and usable state at all
times during package upgrades or removals.
Overwrite the current PAM
configuration, without prompting. This option must
not be used by package maintainer scripts; it is
intended for use by administrators only.
Global configuration of PAM,
affecting all installed services.
2008 Canonical Ltd.