Security Handbook/PAM

Pluggable authentication modules.

PAM is a suite of shared libraries that provide an alternative way providing user authentication in programs. The  USE flag is turned on by default. Thus the PAM settings on Gentoo Linux are pretty reasonable, but there is always room for improvement. First install :

This will add the cracklib which will ensure that the user passwords are at least 8 characters and contain a minimum of 2 digits, 2 other characters, and are more than 3 characters different from the last password. This forces the user to choose a good password (password policy). Check the PAM cracklib documentation for more options.

Every service not configured with a PAM file in will use the rules in. The defaults are set to deny, as they should be. But I like to have a lot of logs, which is why I added. The last configuration is pam_limits, which is controlled by. See the section for more on these settings.