Help answer threads with 0 replies.
Go Back > Blogs > vap16oct1984
User Name


Rate this Entry

PAM Authentication

Posted 06-25-2009 at 12:55 AM by vap16oct1984

PAM - Pluggable Authentication Modules for Linux
Linux-PAM Is a system of libraries that handle the authentication tasks
of applications (services) on the system. The library provides a sta-
ble general interface (Application Programming Interface - API) that
privilege granting programs (such as login(1) and su(1)) defer to to
perform standard authentication tasks
Linux-PAM separates the tasks of authentication into four independent
management groups: account management; authentication management; pass-
word management; and session management. (We highlight the abbrevia-
tions used for these groups in the configuration file.)

Simply put, these groups take care of different aspects of a typical
user's request for a restricted service:

account - provide account verification types of service: has the user's
password expired?; is this user permitted access to the requested ser-

authentication - establish the user is who they claim to be. Typically
this is via some challenge-response request that the user must satisfy:
if you are who you claim to be please enter your password. Not all
authentications are of this type, there exist hardware based authenti-
cation schemes (such as the use of smart-cards and biometric devices),
with suitable modules, these may be substituted seamlessly for more
standard approaches to authentication - such is the flexibility of

password - this group's responsibility is the task of updating authen-
tication mechanisms. Typically, such services are strongly coupled to
those of the auth group. Some authentication mechanisms lend themselves
well to being updated with such a function. Standard UN*X password-
based access is the obvious example: please enter a replacement pass-

session - this group of tasks cover things that should be done prior to
a service being given and after it is withdrawn. Such tasks include the
maintenance of audit trails and the mounting of the user's home direc-
tory. The session management group is important as it provides both an
opening and closing hook for modules to affect the services available
to a user.
Posted in Uncategorized
Views 1020 Comments 0
« Prev     Main     Next »
Total Comments 0




All times are GMT -5. The time now is 07:21 AM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration