| PAM.CONF(5) | File Formats Manual | PAM.CONF(5) | 
pam.conf —
If none of these locations contains a policy for the given
    service, the “other” policy is used
    instead, if it exists.
Entries in per-service policy files must be of one of the two forms below:
facility control-flag module-path
 [arguments ...
]
facility
 include
 other-service-name
Entries in pam.conf-style policy files are of the same form, but are prefixed by an additional field specifying the name of the service they apply to.
In both cases, blank lines and comments introduced by a
    ‘#’ sign are ignored, and the normal
    shell quoting rules apply. The precise details of how the file is tokenized
    are described in
    openpam_readword(3).
The facility field specifies the facility the entry applies to, and is one of:
authaccountsessionpasswordThe control-flag field determines how the result returned by the module affects the flow of control through (and the final result of) the rest of the chain, and is one of:
requiredrequisitesufficientbindingoptionalThere are two exceptions to the above:
    sufficient and binding
    modules are treated as optional by
    pam_setcred(3), and in
    the PAM_PRELIM_CHECK phase of
    pam_chauthtok(3).
The module-path field specifies the name or full path of the module to call. If only the name is specified, the PAM library will search for it in the following location:
The remaining fields, if any, are passed unmodified to the module if and when it is invoked.
The include form of entry causes entries
    from a different chain (specified by
    other-system-name) to be included in the current one.
    This allows one to define system-wide policies which are then included into
    service-specific policies. The system-wide policy can then be modified
    without having to also modify each and every service-specific policy.
include rules, as there is currently no loop detection
  in place.debug, which causes the dispatcher to enable debugging
  messages before calling each service function, and disable them afterwards
  (unless they were already enabled). Other special options include:
authtok_prompt=prompt,
    oldauthtok_prompt=prompt,
    user_prompt=promptecho_passtry_first_pass,
    use_first_passThe OpenPAM library is maintained by Dag-Erling Smørgrav <des@des.no>.
| February 24, 2019 | NetBSD 10.1 |