Follow Techotopia on Twitter

On-line Guides
All Guides
eBook Store
iOS / Android
Linux for Beginners
Office Productivity
Linux Installation
Linux Security
Linux Utilities
Linux Virtualization
Linux Kernel
System/Network Admin
Programming
Scripting Languages
Development Tools
Web Development
GUI Toolkits/Desktop
Databases
Mail Systems
openSolaris
Eclipse Documentation
Techotopia.com
Virtuatopia.com
Answertopia.com

How To Guides
Virtualization
General System Admin
Linux Security
Linux Filesystems
Web Servers
Graphics & Desktop
PC Hardware
Windows
Problem Solutions
Privacy Policy

  




 

 

10.3.9.2. PAM

Linux can use PAM, the Pluggable Authentication Module, a flexible method of UNIX authentication. Advantages of PAM:

  • A common authentication scheme that can be used with a wide variety of applications.

  • PAM can be implemented with various applications without having to recompile the applications to specifically support PAM.

  • Great flexibility and control over authentication for the administrator and application developer.

  • Application developers do not need to develop their program to use a particular authentication scheme. Instead, they can focus purely on the details of their program.

The directory /etc/pam.d contains the PAM configuration files (used to be /etc/pam.conf). Each application or service has its own file. Each line in the file has four elements:

  • Module:

    • auth: provides the actual authentication (perhaps asking for and checking a password) and sets credentials, such as group membership or Kerberos tickets.

    • account: checks to make sure that access is allowed for the user (the account has not expired, the user is allowed to log in at this time of day, and so on).

    • password: used to set passwords.

    • session: used after a user has been authenticated. This module performs additional tasks which are needed to allow access (for example, mounting the user's home directory or making their mailbox available).

    The order in which modules are stacked, so that multiple modules can be used, is very important.

  • Control Flags: tell PAM which actions to take upon failure or success. Values can be required, requisite, sufficient or optional.

  • Module Path: path to the pluggable module to be used, usually in /lib/security.

  • Arguments: information for the modules

Shadow password files are automatically detected by PAM.

More information can be found in the pam man pages or at the Linux-PAM project homepage.

Introducing Linux
Previous Page Home Next Page

 
 
  Published under the terms of the GNU General Public License Design by Interspire