Book Image

Pluggable Authentication Modules: The Definitive Guide to PAM for Linux SysAdmins and C Developers

By : Kenneth Geisshirt
Book Image

Pluggable Authentication Modules: The Definitive Guide to PAM for Linux SysAdmins and C Developers

By: Kenneth Geisshirt

Overview of this book

<p>PAM-aware applications reduce the complexity of authentication. With PAM you can use the same user database for every login process. PAM also supports different authentication processes as required. Moreover, PAM is a well-defined API, and PAM-aware applications will not break if you change the underlying authentication configuration.<br /><br />The PAM framework is widely used by most Linux distributions for authentication purposes. Originating from Solaris 2.6 ten years ago, PAM is used today by most proprietary and free UNIX operating systems including GNU/Linux, FreeBSD, and Solaris, following both the design concept and the practical details. PAM is thus a unifying technology for authentication mechanisms in UNIX. <br /><br />PAM is a modular and flexible authentication management layer that sits between Linux applications and the native underlying authentication system. PAM can be implemented with various applications without having to recompile the applications to specifically support PAM.</p>

Related Content you might be interested in

Current Title:

Small book image
Pluggable Authentication Modules: The Definitive Guide to PAM for Linux SysAdmins and C Developers
Kenneth Geisshirt
Jan, 2007 | 124 pages
No titles found
Table of Contents (13 chapters)
Pluggable Authentication Modules: The Definitive Guide to PAM for Linux SysAdmins and C Developers
Pluggable Authentication Modules: The Definitive Guide to PAM for Linux SysAdmins and C Developers
Credits
Credits
About the Author
About the Author
About the Reviewers
About the Reviewers
Preface
Preface
Free Chapter
1
Introduction to PAM
Introduction to PAM
History of PAM
PAM Solves the Authentication Problem
Need for PAM
Installing Linux-PAM
PAM Implementations
Summary
2
Theory of Operation
Theory of Operation
PAM File System Layout
The PAM Framework
Online Documentation
Services
Management Groups
Stacking
Control Flags
Consolidating Your PAM Configuration
Securing Your Environment
Summary
3
Testing and Debugging
Testing and Debugging
Where to Test?
Leaving a Back Door Open
Test Cases
Getting Backstage
The pamtester Utility
Automating PAM Tests
Bad Example
Summary
4
Common Modules
Common Modules
Parameters
Modules Related to User Environments
Modules Used to Restrict Access
Modules Related to Back-End Storage
Summary
5
Recipes
Recipes
Encrypted Home Directories
Working with Secure Shell
Apache htaccess Made Smart
Directory Services
Limiting r-Services
Limiting Resources
Summary
6
Developing with PAM
Developing with PAM
PAM-aware Applications
Developing your Own PAM Modules
Summary
Source code
Source code
Vault – Secure Database
The ssh_tunnels Module
Index
Index

History of PAM

The history of PAM goes back to 1995 when developers from Sun Microsystems implemented a generic framework for Solaris. When Solaris 2.6 was released in August 1997, PAM was an integrated component of the operating system. Ever since then, Solaris has been using PAM for authentication. In February 1997, the Linux-PAM project began, and most GNU/Linux distributions today are using PAM.

The official website of Linux PAM is http://www.kernel.org/pub/linux/libs/pam/, while SUN Microsystems documents the Solaris PAM at http://www.sun.com/software/solaris/pam/, and OpenPAM used by FreeBSD can be found at http://trac.des.no/openpam/. PAM implementations are based on an open standard from the Open Group named XSSO, which can be found at http://www.opengroup.org/pubs/catalog/p702.htm.

The primary operating system of this book is GNU/Linux, but PAM does exist for many operating systems. Configuration files are almost identical across Linux and UNIX operating systems—module names might differ slightly and some modules are not supported on every contemporary UNIX. This means that the examples in this book can be carried from one UNIX environment to another with minor adjustment.

The examples in the book have been tested under Ubuntu Linux 6.06 LTS or SuSE Linux Enterprise Server 9 SP2 (as VMware guests).

Previous Section
End of Section 2
Next Section