Pluggable Authentication Modules: The Definitive Guide to PAM for Linux SysAdmins and C Developers

Pluggable Authentication Modules: The Definitive Guide to PAM for Linux SysAdmins and C Developers

By : Kenneth Geisshirt

Buy this Book

Pluggable Authentication Modules: The Definitive Guide to PAM for Linux SysAdmins and C Developers

By: Kenneth Geisshirt

Buy this Book

Overview of this book

PAM-aware applications reduce the complexity of authentication. With PAM you can use the same user database for every login process. PAM also supports different authentication processes as required. Moreover, PAM is a well-defined API, and PAM-aware applications will not break if you change the underlying authentication configuration. The PAM framework is widely used by most Linux distributions for authentication purposes. Originating from Solaris 2.6 ten years ago, PAM is used today by most proprietary and free UNIX operating systems including GNU/Linux, FreeBSD, and Solaris, following both the design concept and the practical details. PAM is thus a unifying technology for authentication mechanisms in UNIX. PAM is a modular and flexible authentication management layer that sits between Linux applications and the native underlying authentication system. PAM can be implemented with various applications without having to recompile the applications to specifically support PAM.

Pluggable Authentication Modules: The Definitive Guide to PAM for Linux SysAdmins and C Developers

Credits

About the Author

About the Reviewers

Preface

Free Chapter

Introduction to PAM

History of PAM

PAM Solves the Authentication Problem

Need for PAM

Installing Linux-PAM

PAM Implementations

Summary

Theory of Operation

PAM File System Layout

Consolidating Your PAM Configuration

Securing Your Environment

Summary

Testing and Debugging

Where to Test?

Leaving a Back Door Open

Test Cases

Getting Backstage

The pamtester Utility

Automating PAM Tests

Bad Example

Summary

Common Modules

Parameters

Modules Related to User Environments

Modules Used to Restrict Access

Modules Related to Back-End Storage

Summary

Recipes

Encrypted Home Directories

Working with Secure Shell

Apache htaccess Made Smart

Directory Services

Limiting r-Services

Limiting Resources

Summary

Developing with PAM

PAM-aware Applications

Developing your Own PAM Modules

Summary

Source code

Vault – Secure Database

The ssh_tunnels Module

Index

Customer Reviews

5 star

4 star

3 star

2 star

1 star

The pamtester Utility

The pamtester utility is developed by Moriyoshi Koizumi in order to help module developers, but it can also help systems administrators to test new PAM configurations. The utility has not yet been included in any UNIX or Linux distribution. It can be downloaded from its website (http://pamtester.sourceforge.net). It is distributed as a gzip'ed tar file. Compilation and installation is straightforward. The following commands are required to compile and install the pamtester utility:

  # tar xzf pamtester-0.1.2.tar.gz
  # cd pamtester-0.1.2
  # ./configure --prefix=/usr/local
  # make
  # make install

Once installed you can start using the utility. It is a pure command-line utility and it takes three parameters. The first parameter is the name of the PAM service, the second one is the user name, and the third is the operation to test. The operation is related to the management groups that were discussed in Chapter 2. The following operations are supported:

authenticate...

Pluggable Authentication Modules: The Definitive Guide to PAM for Linux SysAdmins and C Developers

By : Kenneth Geisshirt

Pluggable Authentication Modules: The Definitive Guide to PAM for Linux SysAdmins and C Developers

By: Kenneth Geisshirt

Overview of this book

Related Content you might be interested in

Current Title:

Pluggable Authentication Modules: The Definitive Guide to PAM for Linux SysAdmins and C Developers

The pamtester Utility