Pluggable Authentication Modules: The Definitive Guide to PAM for Linux SysAdmins and C Developers

By: Kenneth Geisshirt

Overview of this book

PAM-aware applications reduce the complexity of authentication. With PAM you can use the same user database for every login process. PAM also supports different authentication processes as required. Moreover, PAM is a well-defined API, and PAM-aware applications will not break if you change the underlying authentication configuration.

The PAM framework is widely used by most Linux distributions for authentication purposes. Originating from Solaris 2.6 ten years ago, PAM is used today by most proprietary and free UNIX operating systems including GNU/Linux, FreeBSD, and Solaris, following both the design concept and the practical details. PAM is thus a unifying technology for authentication mechanisms in UNIX.

PAM is a modular and flexible authentication management layer that sits between Linux applications and the native underlying authentication system. PAM can be implemented with various applications without having to recompile the applications to specifically support PAM.

Stacking

One of the most useful concepts in PAM is the stacking of modules. For each management group you can define a set, or stack, of modules that are used in turn. When an application calls a PAM library function, for example to authenticate, the PAM runtime calls the corresponding function in each module, one at a time, like dealing cards from a stack. The order of calling is determined by the order of the entries in the configuration (service) file. You have to be careful: changing the order in the stack can have a great impact on the functionality.

As an example, let us examine the contents of the configuration file for the XDM service.

pamela@pamela:~$ cat /etc/pam.d/xdm 
# $Id: xdm.pam 189 2005-06-11 00:04:27Z branden $
auth   required    pam_unix.so nullok_secure
auth   requisite   pam_nologin.so
auth   required    pam_env.so envfile=/etc/default/locale

For simplicity, only the auth management group is shown. The stack consists of three elements or modules (unix, nologin, and env). The nullok_secure...
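To make the walk through the stack concrete, the following Python simulation (an added illustration, not code from the book or from the Linux-PAM project) parses service-file lines in the format shown above and then steps through the auth stack the way the PAM runtime does. It implements the documented Linux-PAM semantics of the four classic control flags (required, requisite, sufficient, optional); module results are supplied by the caller as a dictionary, so nothing here touches the real PAM library. The outcome scenarios (for example pam_nologin failing because logins are disabled) are constructed for the demonstration, and the numeric value of PAM_AUTH_ERR is the one Linux-PAM defines.

```python
"""Simulate how Linux-PAM walks a management group's module stack.

Added example for the stacking concept; not code from the book.
"""
from __future__ import annotations

from dataclasses import dataclass

PAM_SUCCESS = 0
PAM_AUTH_ERR = 7  # value defined by Linux-PAM for an authentication failure

# The XDM service file shown in the text, embedded here as sample input.
XDM_CONF = """\
# $Id: xdm.pam 189 2005-06-11 00:04:27Z branden $
auth   required    pam_unix.so nullok_secure
auth   requisite   pam_nologin.so
auth   required    pam_env.so envfile=/etc/default/locale
"""


@dataclass
class Entry:
    group: str        # management group, e.g. "auth"
    control: str      # required | requisite | sufficient | optional
    module: str       # e.g. "pam_unix.so"
    args: list[str]   # module arguments, e.g. ["nullok_secure"]


def parse_service_file(text: str) -> list[Entry]:
    """Parse the classic /etc/pam.d/<service> line format.

    Blank lines and '#' comments are skipped; every field after the
    module name is passed through as that module's argument list.
    """
    entries: list[Entry] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 3:
            raise ValueError(f"malformed line: {raw!r}")
        group, control, module, *args = fields
        entries.append(Entry(group, control.lower(), module, args))
    return entries


def run_stack(entries: list[Entry], group: str,
              outcomes: dict[str, int]) -> tuple[int, list[str]]:
    """Walk one management group's stack; return (result, modules called).

    `outcomes` maps module name -> return code that module would give;
    modules not listed succeed. Control-flag rules (Linux-PAM):
      required   - failure is remembered, but later modules still run
      requisite  - failure ends the stack immediately
      sufficient - success ends the stack with PAM_SUCCESS unless a
                   required module already failed; failure is ignored
      optional   - result counts only if it is the sole module in the stack
    The value returned on failure is that of the first required or
    requisite module to fail.
    """
    stack = [e for e in entries if e.group == group]
    first_failure: int | None = None
    called: list[str] = []
    for e in stack:
        rc = outcomes.get(e.module, PAM_SUCCESS)
        called.append(e.module)
        if e.control == "required":
            if rc != PAM_SUCCESS and first_failure is None:
                first_failure = rc
        elif e.control == "requisite":
            if rc != PAM_SUCCESS:
                return (rc if first_failure is None else first_failure), called
        elif e.control == "sufficient":
            if rc == PAM_SUCCESS and first_failure is None:
                return PAM_SUCCESS, called
        elif e.control == "optional":
            if len(stack) == 1 and rc != PAM_SUCCESS:
                first_failure = rc
        else:
            raise ValueError(f"unknown control flag {e.control!r}")
    return (PAM_SUCCESS if first_failure is None else first_failure), called


def reorder_nologin_first(entries: list[Entry]) -> list[Entry]:
    """Constructed alternative ordering: check /etc/nologin before the password."""
    nologin = [e for e in entries if e.module == "pam_nologin.so"]
    rest = [e for e in entries if e.module != "pam_nologin.so"]
    return nologin + rest


if __name__ == "__main__":
    conf = parse_service_file(XDM_CONF)
    # Constructed scenario: logins are disabled, so pam_nologin fails.
    disabled = {"pam_nologin.so": PAM_AUTH_ERR}
    print("book order   :", run_stack(conf, "auth", disabled))
    print("nologin first:", run_stack(reorder_nologin_first(conf), "auth", disabled))
    # Constructed scenario: wrong password; 'required' keeps walking the stack.
    print("bad password :", run_stack(conf, "auth", {"pam_unix.so": PAM_AUTH_ERR}))
```

Running the demo shows why order matters: with the file as shown, a user is asked for a password by pam_unix before pam_nologin rejects the login, whereas with pam_nologin first the stack stops before any password prompt. The wrong-password scenario shows the other side of required: pam_nologin and pam_env still run, and the failure is only reported once the whole stack has been walked, so a caller cannot tell from the timing which module rejected it.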