Chapter 7.


Pluggable Authentication Modules (PAM)


Programs which give privileges to users must properly authenticate each user. For instance, when you


log into a system, you provide your username and password, and the log in process uses this username


and password to verify your identity.


Pluggable Authentication Modules (PAM) allows the system administrator to set authentication poli 


cies for PAM aware applications without having to recompile authentication programs. PAM does this


by utilizing a pluggable, modular architecture. Which modules PAM calls for a particular application


is determined by looking at that application's PAM configuration file in the


/etc/pam.d/


directory.


In most situations, you will never need to alter the default PAM configuration files for a PAM aware


application. Whenever you use RPM to install programs that require authentication, they automatically


make the changes necessary to do normal password authentication using PAM. However, if you need


to customize the PAM configuration file, you must understand the structure of this file (see Section


7.2 for more information).


7.1. Advantages of PAM


When used correctly, PAM provides the following advantages for a system administrator:


It provides a common authentication scheme that can be used with a wide variety of applications.


It allows great flexibility and control over authentication for both the system administrator and


application developer.


It allows application developers to develop their program without implementing a particular au 


thentication scheme. Instead, they can focus purely on the details of their program.


7.2. PAM Configuration Files


The directory


/etc/pam.d/


contains the PAM configuration files for PAM aware applications. In


earlier versions of PAM, the file


/etc/pam.conf


was used, but this file is now deprecated. The


pam.conf


file is only read if the


/etc/pam.d/


directory does not exist.


Each PAM aware application or service   as applications designed to be used by many users are


commonly known   has its own file within the


/etc/pam.d/


directory.


These files have a specific layout containing calls to modules usually located in the


/lib/security/


directory. Additionally, each line within a PAM configuration file specifies a module type, a control


flag, a path to the module, and, sometimes, module arguments.


7.2.1. PAM Service Names


Each PAM configuration file in the


/etc/pam.d/


directory is named after the service for which it


controls access. It is up to the PAM aware program to define its service name and install its PAM


configuration file in the


pam.d


directory. For example, the


login


program defines its service name


as


/etc/pam.d/login


.


In general, the service name is the name of the program used to access the service, not the pro 


gram used to provide the service. This is why the service


wu ftpd


, defines its service name as


/etc/pam.d/ftp


.








footer






  


 


 


        

 


 

  

    

      
      
 Home 
      | About Us | Network 
      | Services | Support 
      | FAQ | Control Panel 
      | Order Online |
      Sitemap | Contact

      

      tomcat hosting

      
 

    

  

  




Our partners: 
PHP: Hypertext Preprocessor Best Web Hosting
Java Web Hosting
Inexpensive Web Hosting 
Jsp Web Hosting 




Cheapest Web Hosting
Jsp Hosting
Cheap Hosting



Visionwebhosting.net Business web hosting division of Web 
Design Plus. All rights reserved