#include <security/pam_modules.h>
??? cc -fPIC -o pam_module-name.so .... -lpam
Linux-PAM (Pluggable Authentication Modules for Linux) is a library that enables the local system administrator to choose how individual applications authenticate users. For an overview of the Linux-PAM library see pam(5).
A Linux-PAM module is a single executable binary file that can be
loaded by the pam interface library. This PAM library is configured
locally with a system file, /etc/pam.conf
, to authenticate a
user request via the locally available authentication modules. The
modules themselves will usually be located in the directory
/usr/lib/security
and take the form of dynamically loadable
object files (see dlopen(3)). It is the PAM interface that is called
by an application and it is the responsibility of the library to load
and call functions in a PAM-module.
Except for the immediate purpose of interacting with the user (entering a password etc..) the module should never call the application directly. This exception requires a "conversation mechanism" which is documented below.