Book Image

Pluggable Authentication Modules: The Definitive Guide to PAM for Linux SysAdmins and C Developers

By : Kenneth Geisshirt
Book Image

Pluggable Authentication Modules: The Definitive Guide to PAM for Linux SysAdmins and C Developers

By: Kenneth Geisshirt

Overview of this book

<p>PAM-aware applications reduce the complexity of authentication. With PAM you can use the same user database for every login process. PAM also supports different authentication processes as required. Moreover, PAM is a well-defined API, and PAM-aware applications will not break if you change the underlying authentication configuration.<br /><br />The PAM framework is widely used by most Linux distributions for authentication purposes. Originating from Solaris 2.6 ten years ago, PAM is used today by most proprietary and free UNIX operating systems including GNU/Linux, FreeBSD, and Solaris, following both the design concept and the practical details. PAM is thus a unifying technology for authentication mechanisms in UNIX. <br /><br />PAM is a modular and flexible authentication management layer that sits between Linux applications and the native underlying authentication system. PAM can be implemented with various applications without having to recompile the applications to specifically support PAM.</p>

Related Content you might be interested in

Current Title:

Small book image
Pluggable Authentication Modules: The Definitive Guide to PAM for Linux SysAdmins and C Developers
Kenneth Geisshirt
Jan, 2007 | 124 pages
No titles found
Table of Contents (13 chapters)
Pluggable Authentication Modules: The Definitive Guide to PAM for Linux SysAdmins and C Developers
Pluggable Authentication Modules: The Definitive Guide to PAM for Linux SysAdmins and C Developers
Credits
Credits
About the Author
About the Author
About the Reviewers
About the Reviewers
Preface
Preface
Free Chapter
1
Introduction to PAM
Introduction to PAM
History of PAM
PAM Solves the Authentication Problem
Need for PAM
Installing Linux-PAM
PAM Implementations
Summary
2
Theory of Operation
Theory of Operation
PAM File System Layout
The PAM Framework
Online Documentation
Services
Management Groups
Stacking
Control Flags
Consolidating Your PAM Configuration
Securing Your Environment
Summary
3
Testing and Debugging
Testing and Debugging
Where to Test?
Leaving a Back Door Open
Test Cases
Getting Backstage
The pamtester Utility
Automating PAM Tests
Bad Example
Summary
4
Common Modules
Common Modules
Parameters
Modules Related to User Environments
Modules Used to Restrict Access
Modules Related to Back-End Storage
Summary
5
Recipes
Recipes
Encrypted Home Directories
Working with Secure Shell
Apache htaccess Made Smart
Directory Services
Limiting r-Services
Limiting Resources
Summary
6
Developing with PAM
Developing with PAM
PAM-aware Applications
Developing your Own PAM Modules
Summary
Source code
Source code
Vault – Secure Database
The ssh_tunnels Module
Index
Index

Online Documentation

PAM is documented as a set of man pages. The manual for UNIX and Linux operating systems is often referred to as the man pages since the program man is used to search and display the manual. As always, the utility apropos can search your online documentation. The output of apropos on Ubuntu Linux is shown below: 

pamela@pamela:~$ apropos pam 
pam (7)                - Pluggable Authentication Modules for Linux
pam_authenticate (3)   - authenticate a user
pam_chauthtok (3)      - updating authentication tokens
pam_end (3) [pam_start]  - activating Linux-PAM
pam_fail_delay (3)     - request a delay on failure
pam_get_item (3)       - item manipulation under PAM
pam_getenv (8)        - get environment variables from /etc/environment
pam_open/close_session (3) [pam_open_session] - PAM session management
pam_open_session (3)  - PAM session management
pam_set_item (3)      - item manipulation under PAM
pam_setcred (3)       - set the credentials for the user
pam_start (3)  ...
Previous Section
End of Section 4
Next Section