How does pam decide which files in /etc/pam.d to use depending on whether a user logs in via ssh, locally, a serial console, etc?
It might be hardcoded into the programs, but each service has its own file in /etc/pam.d, generally named after the actual process name. Local and serial consoles both work via getty, which passes off actual logging in to "login", so you'd need to look at /etc/pam.d/login. SSH is actually "sshd", so it's in /etc/pam.d/sshd.
On most modern distros, those files mostly contain lines like "@include common-password" or "auth include system-auth", so for those two you'd then need to look at /etc/pam.d/common-password or /etc/pam.d/system-auth. Slightly older distros (RHEL3, for instance) use something like "auth required pam_stack.so service=system-auth", which is a module-based version of the same thing.
The PAM "service" name ("sshd", "sudo", etc.) is compiled into the application. That is what decides which file will be initially loaded. After that, the @include lines are processed as described in freiheit's post.
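Added example, not part of the original posts: a small Python resolver that starts from a service name and flattens its file by following the three inclusion forms mentioned above ("@include", the "include" control, and "pam_stack.so service="), so you can see which modules actually run for sshd versus login. The function names and the sample files are constructed for illustration; following "substack" the same way as "include" is an addition beyond what the posts describe.

```python
import pathlib
import re
import tempfile

RULE = re.compile(r"^-?(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")

def resolve_stack(service, pam_dir="/etc/pam.d", only_type=None, _seen=frozenset()):
    """Flatten a service's PAM file into (type, control, module, source_file) tuples."""
    if service in _seen:                      # guard against include loops
        return []
    _seen = _seen | {service}
    rules = []
    with (pathlib.Path(pam_dir) / service).open() as fh:
        for raw in fh:
            line = raw.split("#", 1)[0].strip()
            if line.startswith("@include"):   # Debian style: pulls in the whole file
                rules += resolve_stack(line.split()[1], pam_dir, only_type, _seen)
                continue
            m = RULE.match(line)
            if not m:
                continue
            mtype, control, module, args = m.groups()
            if only_type and mtype != only_type:
                continue
            stacked = re.search(r"\bservice=(\S+)", args) if module.endswith("pam_stack.so") else None
            if control in ("include", "substack"):   # Red Hat style: same type only
                rules += resolve_stack(module, pam_dir, mtype, _seen)
            elif stacked:                             # older pam_stack.so form
                rules += resolve_stack(stacked.group(1), pam_dir, mtype, _seen)
            else:
                rules.append((mtype, control, module, service))
    return rules

def demo():
    """Write constructed sample files to a temp dir and resolve three services."""
    files = {
        "sshd": "auth include system-auth\naccount required pam_nologin.so\n",
        "login": "auth required pam_securetty.so\n@include common-auth\n",
        "legacy": "auth required pam_stack.so service=system-auth\n",
        "system-auth": "auth required pam_env.so\nauth sufficient pam_unix.so\naccount required pam_unix.so\n",
        "common-auth": "auth [success=1 default=ignore] pam_unix.so nullok\nauth requisite pam_deny.so\n",
    }
    with tempfile.TemporaryDirectory() as d:
        for name, body in files.items():
            pathlib.Path(d, name).write_text(body)
        return {name: resolve_stack(name, d) for name in ("sshd", "login", "legacy")}

if __name__ == "__main__":
    for name, stack in demo().items():
        print(name, *stack, sep="\n  ")
```

On a real host, call resolve_stack("sshd") to read from /etc/pam.d; the last field of each tuple shows which file a rule came from, which is useful when auditing what a shared file such as system-auth contributes to each service.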