Book Image

Pluggable Authentication Modules: The Definitive Guide to PAM for Linux SysAdmins and C Developers

By : Kenneth Geisshirt
Book Image

Pluggable Authentication Modules: The Definitive Guide to PAM for Linux SysAdmins and C Developers

By: Kenneth Geisshirt

Overview of this book

<p>PAM-aware applications reduce the complexity of authentication. With PAM you can use the same user database for every login process. PAM also supports different authentication processes as required. Moreover, PAM is a well-defined API, and PAM-aware applications will not break if you change the underlying authentication configuration.<br /><br />The PAM framework is widely used by most Linux distributions for authentication purposes. Originating from Solaris 2.6 ten years ago, PAM is used today by most proprietary and free UNIX operating systems including GNU/Linux, FreeBSD, and Solaris, following both the design concept and the practical details. PAM is thus a unifying technology for authentication mechanisms in UNIX. <br /><br />PAM is a modular and flexible authentication management layer that sits between Linux applications and the native underlying authentication system. PAM can be implemented with various applications without having to recompile the applications to specifically support PAM.</p>

Related Content you might be interested in

Current Title:

Small book image
Pluggable Authentication Modules: The Definitive Guide to PAM for Linux SysAdmins and C Developers
Kenneth Geisshirt
Jan, 2007 | 124 pages
No titles found
Table of Contents (13 chapters)
Pluggable Authentication Modules: The Definitive Guide to PAM for Linux SysAdmins and C Developers
Pluggable Authentication Modules: The Definitive Guide to PAM for Linux SysAdmins and C Developers
Credits
Credits
About the Author
About the Author
About the Reviewers
About the Reviewers
Preface
Preface
Free Chapter
1
Introduction to PAM
Introduction to PAM
History of PAM
PAM Solves the Authentication Problem
Need for PAM
Installing Linux-PAM
PAM Implementations
Summary
2
Theory of Operation
Theory of Operation
PAM File System Layout
The PAM Framework
Online Documentation
Services
Management Groups
Stacking
Control Flags
Consolidating Your PAM Configuration
Securing Your Environment
Summary
3
Testing and Debugging
Testing and Debugging
Where to Test?
Leaving a Back Door Open
Test Cases
Getting Backstage
The pamtester Utility
Automating PAM Tests
Bad Example
Summary
4
Common Modules
Common Modules
Parameters
Modules Related to User Environments
Modules Used to Restrict Access
Modules Related to Back-End Storage
Summary
5
Recipes
Recipes
Encrypted Home Directories
Working with Secure Shell
Apache htaccess Made Smart
Directory Services
Limiting r-Services
Limiting Resources
Summary
6
Developing with PAM
Developing with PAM
PAM-aware Applications
Developing your Own PAM Modules
Summary
Source code
Source code
Vault – Secure Database
The ssh_tunnels Module
Index
Index

Summary

This chapter outlines the problem and the roots of complexity of authentication, and discusses how the framework of Pluggable Authentication Modules (PAM) can provide solutions and reduce the complexity. This chapter also discusses installing Linux PAM: downloading its packages as well as compiling them. A brief introduction about extra PAM modules is provided at the end.

PAM is a concept and a framework. It can be implemented in many different ways, for example, PAM for Solaris, GNU/Linux, and FreeBSD/NetBSD are implemented independently. Even among the GNU/Linux distributions we see differences due to different versions. PAM bridges the UNX operating systems since PAM implementations are very similar. This book may be focused on GNU/Linux, but you should be able to apply the concepts to your favorite UNIX operating system.

Previous Section
End of Chapter 1
Next Chapter