Description:Linux-PAM (Pluggable Authentication Modules)
License: BSD, GPL-2
  • + - stable
  • ~ - unstable
  • M - hardmask
alpha amd64 arm hppa ia64 m68k mips ppc ppc64 s390 sh sparc x86
1.5.1 ~ + + + ~ ~ ~ + + ~ - + +

USE flags

  • abi_mips_n32 - 64-bit (32-bit pointer) libraries
  • abi_mips_n64 - 64-bit libraries
  • abi_mips_o32 - 32-bit libraries
  • abi_ppc_32 - 32-bit (ppc) libraries
  • abi_ppc_64 - 64-bit (ppc64) libraries
  • abi_riscv_ilp32 - 32-bit (rv32) soft-float libraries
  • abi_riscv_ilp32d - 32-bit (rv32) double hard-float libraries
  • abi_riscv_lp64 - 64-bit (rv64) soft-float libraries
  • abi_riscv_lp64d - 64-bit (rv64) double hard-float libraries
  • abi_s390_32 - 32-bit (s390) libraries
  • abi_s390_64 - 64-bit (s390x) libraries
  • abi_x86_32 - 32-bit (x86) libraries
  • abi_x86_64 - 64-bit (amd64) libraries
  • abi_x86_x32 - x32 ABI libraries
  • audit - Enable support for Linux audit subsystem using sys-process/audit
  • berkdb - Build the pam_userdb module, that allows to authenticate users against a Berkeley DB file. Please note that enabling this USE flag will create a PAM module that links to the Berkeley DB (as provided by sys-libs/db) installed in /usr/lib and will thus not work for boot-critical services authentication.
  • debug - Enable extra debug codepaths, like asserts and extra output. If you want to get meaningful backtraces see
  • elibc_FreeBSD - ELIBC setting for systems that use the FreeBSD C library
  • elibc_glibc - ELIBC setting for systems that use the GNU C library
  • filecaps - Use Linux file capabilities to control privilege rather than set*id (this is orthogonal to USE=caps which uses capabilities at runtime e.g. libcap)
  • nis - Support for NIS/YP services
  • nls - Add Native Language Support (using gettext - GNU locale utilities)
  • pie - Build programs as Position Independent Executables (a security hardening technique)
  • selinux - !!internal use only!! Security Enhanced Linux support, this must be set by the selinux profile or breakage will occur
  • split-usr - Enable behavior to support maintaining /bin, /lib*, /sbin and /usr/sbin separately from /usr/bin and /usr/lib*
  • static-libs - Build static versions of dynamic libraries as well
  • test - Enable dependencies and/or preparations necessary to run tests (usually controlled by FEATURES=test but can be toggled independently)
  • vim-syntax - Pulls in related vim syntax scripts

Security Advisory

Date Severity Title
4 months normal Linux-PAM: Authentication bypass
almost 5 years normal Linux-PAM: Multiple vulnerabilities
almost 9 years high Linux-PAM: Multiple vulnerabilities
over 11 years normal Linux-PAM: Privilege escalation
over 15 years normal SELinux PAM: Local password guessing attack

Also available in: Atom

Thank you!