LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Blogs > vap16oct1984
User Name
Password

Notices



Rate this Entry

PAM Authentication

Posted 06-25-2009 at 01:55 AM by vap16oct1984

PAM - Pluggable Authentication Modules for Linux
Linux-PAM Is a system of libraries that handle the authentication tasks
of applications (services) on the system. The library provides a sta-
ble general interface (Application Programming Interface - API) that
privilege granting programs (such as login(1) and su(1)) defer to to
perform standard authentication tasks
Linux-PAM separates the tasks of authentication into four independent
management groups: account management; authentication management; pass-
word management; and session management. (We highlight the abbrevia-
tions used for these groups in the configuration file.)


Simply put, these groups take care of different aspects of a typical
user's request for a restricted service:


account - provide account verification types of service: has the user's
password expired?; is this user permitted access to the requested ser-
vice?

authentication - establish the user is who they claim to be. Typically
this is via some challenge-response request that the user must satisfy:
if you are who you claim to be please enter your password. Not all
authentications are of this type, there exist hardware based authenti-
cation schemes (such as the use of smart-cards and biometric devices),
with suitable modules, these may be substituted seamlessly for more
standard approaches to authentication - such is the flexibility of
Linux-PAM.

password - this group's responsibility is the task of updating authen-
tication mechanisms. Typically, such services are strongly coupled to
those of the auth group. Some authentication mechanisms lend themselves
well to being updated with such a function. Standard UN*X password-
based access is the obvious example: please enter a replacement pass-
word.

session - this group of tasks cover things that should be done prior to
a service being given and after it is withdrawn. Such tasks include the
maintenance of audit trails and the mounting of the user's home direc-
tory. The session management group is important as it provides both an
opening and closing hook for modules to affect the services available
to a user.
Posted in Uncategorized
Views 837 Comments 0
« Prev     Main     Next »
Total Comments 0

Comments

 

  



All times are GMT -5. The time now is 05:23 PM.

Main Menu
Advertisement

Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration