User guide
Appendix D - Linux-PAM
Introduction
Linux-PAM (Pluggable Authentication Modules for Linux) is a suite of shared libraries that
enable the local system administrator to choose how applications authenticate users. In other
words, without (rewriting and) recompiling a PAM-aware application, it is possible to switch
between the authentication mechanism(s) it uses. Indeed, one may entirely upgrade the local
authentication system without touching the applications themselves.
It is the purpose of the Linux-PAM project to separate the development of privilege-granting
software from the development of secure and appropriate authentication schemes. This is
accomplished by providing a library of functions that an application may use to request that a
user be authenticated. This PAM library is configured locally with a system file, /etc/pam.conf
(or a series of configuration files located in /etc/pam.d/) to authenticate a user request via the
locally available authentication modules. The modules themselves are dynamically loadable
object files, usually located in /lib/security on older installations and in /lib64/security or
/usr/lib/x86_64-linux-gnu/security on most current distributions.
The Linux-PAM authentication mechanism gives the system administrator the freedom to
stipulate which authentication scheme is to be used, and to set that scheme for any or all
PAM-aware applications on the system. That is, the administrator can require anything from
simple trust (pam_permit) to something as severe as a combination of a retinal scan, a voice
print and a one-time password.
Linux-PAM deals with four separate types of (management) task. These are: authentication
management, account management, session management, and password management. The
association of the preferred management scheme with the behavior of an application is made
with entries in the relevant Linux-PAM configuration file. The management functions are
performed by modules specified in the configuration file.
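As an added example (not from this guide or the Linux-PAM project), the following service file shows how the four management types appear in the /etc/pam.d/ layout described above. The service name myapp and the choice of pam_unix for every group are assumptions; the commented-out lines at the end give the equivalent single-file /etc/pam.conf form, which carries the service name as an extra first field.

```conf
# /etc/pam.d/myapp  -- added example; "myapp" is a hypothetical PAM-aware service.
#
# Each line is:   type   control   module-path   [module-arguments]
# "type" is one of the four management groups: auth, account, password, session.
# "control" (required, requisite, sufficient, optional) says how the module's
# result is combined with the others stacked for the same type.

# auth: establish that the user is who they claim to be
# (here: password checked against the local shadow database).
auth      required    pam_unix.so
# The "simple trust" extreme mentioned in the text would instead be
#   auth  required  pam_permit.so
# which accepts everyone; never use it for anything reachable over a network.

# account: is this already-authenticated account allowed in right now?
# (expired account, login hours, etc.)
account   required    pam_unix.so

# password: rules applied when the user changes their authentication token.
password  required    pam_unix.so

# session: work done before the session starts and after it ends
# (logging, resource limits, mounting home directories, ...).
session   required    pam_unix.so

# Equivalent entries in the single-file /etc/pam.conf form (service name first):
#   myapp   auth      required   pam_unix.so
#   myapp   account   required   pam_unix.so
#   myapp   password  required   pam_unix.so
#   myapp   session   required   pam_unix.so
```

A service that has no file of its own falls back to /etc/pam.d/other (or the "other" entries in /etc/pam.conf), so that fallback should stay on pam_deny.so for all four types; otherwise a mis-named or missing service file silently becomes a permissive one.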
Following is a figure that describes the overall organization of Linux-PAM: