The dominant programming language of UNIX is C, and it is in many ways easier to develop new modules in C than any other language. It might sound like a huge assignment to develop a PAM module, but many modules are small—ranging from 100 to 1000 lines of code in the C language. Of course, the pam_unix module is typically a very large one. The implementation of the module in Linux-PAM is about 4500 lines of code—a large portion is used to check new passwords.
The PAM run-time environment expects a few things from the modules. In particular the API for a set of functions related to the management groups must be followed. The example module presented in this chapter is a very simple one—about 70 lines of C code. It only operates in the session management group, and it sets up a number of Secure Shell tunnels mapping a TCP port on your local machine to a port on a remote port. You connect to localhost and the network traffic transparently travels to your remote...