Manualshelf

Service manual

ManualsBrandsCyclades ManualsComputer equipmentAccess Router Cyclades-PR1000
181182183184185186187188189190
185Appendix J Linux-PAM
Cyclades-TS Installation & Service Manual
Service-name
The name of the service associated with this entry. Frequently the service name is the conventional name of the
given application. For example, ftpd, rlogind, su, etc.
There is a special service-name, reserved for defining a default authentication mechanism. It has the name
OTHER and may be specified in either lower or upper case characters. Note, when there is a module specified
for a named service, the OTHER entries are ignored.
Module-type
One of (currently) the four types of module. The four types are as follows:
Auth - this module type provides two aspects of authenticating the user. Firstly, it establishes that the user is
who they claim to be, by instructing the application to prompt the user for a password or other means of
identification. Secondly, the module can grant group membership, independently of the /etc/groups, or
other privileges through its credential granting properties.
Account -this module performs non-authentication based account management. It is typically used to restrict/
permit access to a service based on the time of day, currently available system resources (maximum
number of users) or perhaps the location of the applicant user—‘root login only on the console.
Session - primarily, this module is associated with doing things that need to be done for the user before/after
they can be given service. Such things include the logging of information concerning the opening/closing of
some data exchange with a user, mounting directories, etc.
Password - this last module type is required for updating the authentication token associated with the user.
Typically, there is one module for each challenge/response based authentication (auth) module-type.